Roy Schestowitz wrote:
> Attack code raises Windows DNS zero-day risk
>
> ,----[ Quote ]
> | At least four exploits for the vulnerability in the Windows domain
> | name system, or DNS, service were published on the Internet over the
> | weekend, Symantec said in an alert Monday.
> `----
>
> http://news.zdnet.com/2100-1009_22-6176429.html
I would say that MS's response to this, in particular the work around, is a
reasonable response to this vulnerability. It is also true that a well set
firewall would have made it very unlikely that this exploit could have
caused problems for most users.
The workaround will probably not cause problems for admin because they can
still make use of terminal services to remotely admin the DNS. I looked
that up because I wondered how those with remote stations would manage,
though it has to be said that DNS changes are not really a regular task,
normal DNS functionality can go ahead as before.
Why MS didn't go down every port, in the way Linux did, once potential
vulnerabilities were found I don't know. Maybe they just checked the
popular ones :)
|
|
