Exploit Goes Public for Windows DNS Server Bug

A public exploit appeared just two days after Microsoft acknowledged a critical vulnerability in its server software, a change one security company said "greatly increases" the chances of a broad attack.

The zero-day bug in the Domain Name System (DNS) Server Service in Windows 2000 Server (SP4) and Windows Server 2003 (SP1 and SP2) was confirmed by Microsoft late on Thursday. On Friday, the company said the current beta of Longhorn Server, the next-generation server software expected to ship later this year, was also affected.

Symantec warned Saturday that the Metasploit Project had released a public exploit for the vulnerability. "The release of this exploit greatly increases the chance of widespread exploitation of this issue before a patch is made available," warned Symantec. Metasploit is a security testing tool largely guided by developer and researcher HD Moore and is frequently first out the gate with exploits of Windows vulnerabilities.

Ken Dunham, director of VeriSign's iDefense rapid response team, also noted the importance of the Metasploit release. "[This changes] the threat landscape for this issue," he said in an e-mail.

Microsoft modified its advisory late Friday and again Sunday to offer more detailed defensive recommendations and note that Microsoft Windows Small Business Server 2000 and Small Business Server 2003 are also at risk.

Go to Computerworld to read the rest of the story.