Microsoft has denied that the critical vulnerability affecting RPC on Windows Domain Name System Server is also found in Windows Vista or Windows XP Service Pack 2. The Microsoft Security Response Center has tested this vulnerability against the complete range of current Windows operating systems and has concluded that the issue is limited to Windows 2000 Server SP4, Windows Server 2003 SP1 and Windows Server 2003 SP2. Microsoft has continued to monitor the evolution of the problem since the initial report on April 12 and confirmed that attacks are still not widespread. The Redmond company has also made available a new KB article to help administrators deploy the DNS remote RPC block workaround at an enterprise level.
According to Christopher Budd, MSRC Security Program Manager, the DNS Server Service vulnerability only impacts the Windows server operating systems: “We know this because as part of our Software Security Incident Response Process (SSIRP) after we identify a vulnerability one of the first things we do is to establish the scope of affected software. We do this looking at the source code for the affected component in all publicly supported versions of the product. In the case of this vulnerability, the code with the vulnerability is in the DNS server component. That component isn’t present in Windows client operating systems.” Additionally, Budd pointed to May 8 as the official date for a security update to be released.
View: KB 936263
News source: Softpedia

Between this and the 3rd try on the GDI patch, I think we can safely say MS's "new" security procedure DOES NOT WORK!!!!
Hint to MS: Copy Debian!!!!!!!!!!!!!!!!!!!
Do I trust the OS where a fix is written and rushed out to users through the update,
or the OS where the maker releases an emergency fix, writes the patch, and then takes the time needed to fully test the patch and make sure it doesn't add any bugs, stability issues or other security issues...
An immediate fix is not a good thing btw, especially not on a server OS; you need to test and make sure stuff works as intended and doesn't fix one thing and break 10 others. This requires way more than half a day of testing.
And seeing as it's a server thing mostly, the users should be more than capable enough to do the emergency fix.
Linux trolls ..... gotta love em