0

If you're visiting a known site such as Google.com, you're perfectly safe, right? Wrong. New DNS vulnerabilities in Microsoft's Windows 2000 and 2003 severs could potentially allow a DNS server to get hijacked, and redirect a user to a completely different site than they expected to see.

The vulnerability exists in the RPC protocol (Remote Procedure Call), which is supposed to get services from other applications on the network. By using a basic stack overflow technique, hackers can compromise the target machine and gain access to the routing table.

This becomes extremely dangerous. Cybercrooks could redirect a visitor to a phishing site instead of the site they originally intended to visit, stealing credit card information and personal information. Email could be rerouted to different servers.

Seeing how old Windows 2000 is, it's a little surprising that someone didn't discover this sooner. Nearly 7 years since it was released, and a vulnerability that's so simple to take advantage of for any somewhat-knowledgeable hacker.

Good news is that owners of servers running on Windows XP and Vista have nothing to worry about; the security bug does not exist in these versions.

While you're waiting for your Windows 2000 server to get patched by Microsoft, they recommend disabling the remote-administration option which is needed to exploit the vulnerability. There's also ports that you can block on your firewall which will effectively stop RPC, and thus the attacks.

Perhaps now server owners see a benefit to upgrading to Vista...

1
Contributor
0
Replies
1
Views
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.