Microsoft: No patch yet for DNS Server bug

Advertisement (Why?)

Microsoft Corp.'s security team yesterday said it is still working on a patch for a critical bug in the company's server software. The vulnerability in the Domain Name System Server Service of Windows 2000 Server SP4, Windows Server 2003 SP1 and Windows Server 2003 SP2, has been exploited since at least April 13, Microsoft acknowledged earlier -- although the company has continued to characterize those attacks as "limited."

"Our teams are continuing to work on developing and testing updates...[but] we don't have any new estimates on release timelines," said Christopher Budd, program manager for the Microsoft Security Response Center (MSRC) on the group's blog. "I can say that our ongoing testing so far has not raised any issues that would make us believe we might be looking at a longer timeline."

Previously, Budd has said that MSRC was shooting for releasing a patch May 8, the date of the next regularly-scheduled update. Security researchers, however, had earlier predicted that Microsoft would release an out-of-cycle fix, as it did April 3 for the Windows animated cursor vulnerability.

View: The full story

News source: ComputerWorld

(1 reply) #1 +Kirkburn on 24 Apr 2007 - 15:11

"Previously, Budd has said that MSRC was shooting for releasing a patch May 8, the date of the next regularly-scheduled update."

Er, so the point of the story is that this is still true?

#1.1 lbmouse on 24 Apr 2007 - 15:21

Talking to some of our corp IT guys, there were rumors floating around that MS was going to move up the release date for the patch. This has been a real major headache for them. It's also providing MORE ammo for the individuals that want to switch all the servers in our farms away from MS.

(2 replies) #2 Tech001101 on 24 Apr 2007 - 18:31

come on....

what's taking them so long?

#2.1 y2kboy23 on 24 Apr 2007 - 18:59

I like how people complain when Microsoft takes too long to patch something but then when they release a patch too quickly, they complain some more. I guess its a catch 22 situation.

#2.2 lbmouse on 25 Apr 2007 - 04:03

Quote - (y2kboy23 said @ #2.1)

Have you researched thel "Catch-22" by Joseph Heller?

(1 reply) #3 Rolith on 25 Apr 2007 - 04:21

Hehe...unlike Linux... Microsoft has ...ya know.. actual corporate clients that require of Microsoft security and stability... if a patch is released without testing... microsoft pays bigger negative dividends then the fact that there;'s a non-widely spread DNS bug in the os.

#3.1 lbmouse on 25 Apr 2007 - 15:54

Quote - (Rolith said @ #3)

Isn't "Microsoft security and stability" a double oxymoron?

Seriously though, I work for one of the larger companies and we use all types of operating systems... so as a "corporate client", we require stability from our Linux distros (Suse, Redhat, etc) just like we do from MS and IBM.

Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!

Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.

Neowin.net