Microsoft: DNS patch to come by May 8... maybe

Advertisement (Why?)

By May 8 Microsoft hopes to fix a critical flaw in Windows Domain Name System servers reported last week that is being exploited by online criminals. Microsoft characterizes the level of attacks as "not widespread". Security experts confirmed that variants of the Rinbot worm (also called Nirbot by some vendors) had been scanning networks for vulnerable systems and then attempting to exploit the DNS bug. The problem only affects Windows 2000 and Windows Server 2003 systems, which can be tricked into running unauthorized software when an attacker sends them maliciously encoded Remote Procedure Call packets to the DNS server.

Microsoft has published a workaround for the problem, and the software vendor is weighing whether to step up its response and fix it ahead of May 8, the date of the company's next scheduled security update. "While we don't have a firm estimate on when we'll complete our development and testing of updates for this issue, we have teams around the world working on it twenty-four hours a day, and hope to have updates no later than May 8, 2007. However, this is a developing situation and we are constantly evaluating the situation and the status of our development and testing of updates," said Microsoft security program manager Christopher Budd.

News source: InfoWorld

#1 redeemed on 18 Apr 2007 - 23:49

I like the maybe.

(1 reply) #2 hapbt on 18 Apr 2007 - 23:51

Good thing this isn't some crazy OPEN SOURCE project which could never respond to a vulnerability like this in a reasonable amount of time! Or maybe this would have been found a long time ago by independent auditors and fixed, or even if discovered late, would have had 100x as many people on hand to fix it that much faster.

#2.1 virtorio on 19 Apr 2007 - 00:12

And maybe no one cares what you think?

If you don't like the way Microsoft does things then don't use their products and take your trolling comments elsewhere.

(1 reply) #3 _dandy_ on 19 Apr 2007 - 02:17

Some people have a really short memory. It's been barely over two weeks since MS rushed that .ANI file hotfix ahead of schedule, which then had to be patched again a few days later.

Let them do it properly and only once, I say.

#3.1 hapbt on 19 Apr 2007 - 13:50

Yeah so what if a few hundred or thousand systems get pwned and turned into zombies, and cause thousands of dollars of damages, right? As long as MS can 'take their time' and give the surviving systems a nice patch?
In a situation like this with a remote exploit I think 'doing it right' is the last concern, doing it fast is primary concern, make the patch optional or something but make a patch available immediately! Remote exploits are serious stuff!!!
Anyways the patch you're talking about should have been fixed 2 years ago, so maybe it dosen't matter if they patch the stuff or not since no amount of time can fix the fact that they suck.

Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!

Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.

Neowin.net