Thu, Apr 12 2007 23:28
Windows DNS server advisory
Microsoft Security Advisory (935964): Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution.: http://www.microsoft.com/technet/security/advisory/935964.mspx
Block the following at the firewall:
All unsolicited inbound traffic on ports between 1024 to 5000
The RPC interface of Windows DNS is bound to a port in this range. Blocking them at the firewall will help protect systems that are behind that firewall from attempts to exploit this vulnerability. We recommend that you block all unsolicited inbound communication from the Internet to help prevent attacks that may use other ports.
Keep in mind that we don't expose those ports in a SBS network externally anyway, so don't panic.
Filed under: Security