The AntiVirus, AntiSpam and Content Security firm
MicroWorld Technologies urges organizations to be
on their guard, as the number of exploits out for
the critical DNS vulnerability in Windows Server rose
to five. The possibility of the Vanbot worm
exploiting the flaw is also being looked into, says the
security firm.
The flaw in question was made public by Microsoft
last Thursday, as first reports of it came a day
after the Redmond firm's Patch Tuesday. It can
be found here. The flaw is related to the way the DNS
(Domain Name System) Server Service uses the RPC (Remote
Procedure Call) interface.
RPC is a protocol used to request a service from
a program located on another computer in a network.
An attacker can send a malformed RPC packet to cause a
buffer overflow in the DNS service, which will allow him
to execute arbitrary code on the victim's computer.
The affected versions are Windows 2000 Server Service
Pack 4, Windows Server 2003 Service Pack 1 and Windows
Server 2003 Service Pack 2. Security researchers indicate
that the new Windows Server in the making, code-named
"Longhorn", is also not insulated from
the danger.
Rohini Sonawane, Chief Operating Officer of MicroWorld,
says, "If the DNS service is compromised, the
intruder can plant Pharming attacks in the computer,
where a legitimate web request can be re-directed
to a malicious spoof website. It means, when you key
in the web address of your bank in a compromised computer,
the request will go to the Phishing site, which will
capture all your confidential banking information
and hand them over to the malware author!"
According to Rohini, a variant of the Vanbot
worm, known to exploit many earlier Windows vulnerabilities,
is reportedly exploiting this newfound loophole as
well. She said MicroWorld is analyzing these possibilities,
even as the firm's products eScan and MailScan
safeguard users against all Vanbot varieties.
Vikas Vishwasrao, a Senior Security Analyst at MicroWorld,
suggests that users of MicroWorld's eConceal
firewall can block Port 445 as well as Port 1025 and
all Ports above, till Microsoft releases a patch for
the flaw, since these Ports are used by the RPC protocol.
He said an infection can be sensed using the TCP Connection
feature of MicroWorld products, as affected computers
will show frantic network activity in IRC traffic
as well as a huge increase in HTTP traffic on non-standard
ports.
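
The two checks described above (whether Port 445 or Port 1025 and above on a DNS server is still reachable from outside, and whether a host shows bursts of IRC traffic or HTTP on non-standard ports), sketched as an added example that is not MicroWorld's code. The record format, the `app` label, the internal range, the threshold and all addresses are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed flow records (not real data), initiator -> responder, with an
# app label assumed to come from a sensor that identifies the protocol.
SAMPLE_FLOWS = """\
203.0.113.7:40112 10.0.0.5:1025 rpc
203.0.113.7:40113 10.0.0.5:445 smb
10.0.0.5:1301 192.0.2.10:6667 irc
10.0.0.5:1302 192.0.2.10:6667 irc
10.0.0.5:1303 192.0.2.10:6667 irc
10.0.0.5:1304 192.0.2.44:8081 http
10.0.0.5:1305 192.0.2.44:8081 http
10.0.0.5:1306 192.0.2.44:8081 http
10.0.0.8:2200 192.0.2.80:80 http
10.0.0.20:3000 10.0.0.5:1025 rpc
"""

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range
STANDARD_HTTP = {80}                           # assumed "standard" HTTP port

def parse(line):
    """Split one record into (src_ip, dst_ip, dst_port, app)."""
    src, dst, app = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return (ipaddress.ip_address(src.rsplit(":", 1)[0]),
            ipaddress.ip_address(dst_ip), int(dst_port), app)

def blocked_by_advice(port):
    """Ports the advice above says to block: 445, and 1025 and above."""
    return port == 445 or port >= 1025

def analyze(text, dns_servers, threshold=3):
    """Return (exposed server ports, hosts with bot-like outbound traffic)."""
    exposed, irc, odd_http = set(), Counter(), Counter()
    for line in filter(str.strip, text.splitlines()):
        src, dst, port, app = parse(line)
        # Mitigation gap: an outside host reached a blocked port on a DNS server.
        if str(dst) in dns_servers and src not in INTERNAL and blocked_by_advice(port):
            exposed.add((str(dst), port))
        # Infection sign: internal host sending IRC or odd-port HTTP outward.
        if src in INTERNAL and dst not in INTERNAL:
            if app == "irc":
                irc[str(src)] += 1
            elif app == "http" and port not in STANDARD_HTTP:
                odd_http[str(src)] += 1
    suspects = sorted(h for h in irc.keys() | odd_http.keys()
                      if irc[h] >= threshold or odd_http[h] >= threshold)
    return sorted(exposed), suspects
```

Calling `analyze(SAMPLE_FLOWS, {"10.0.0.5"})` returns the server ports still reachable from outside and the hosts whose outbound traffic crosses the threshold.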
MicroWorld
MicroWorld Technologies (www.mwti.net)
is the developer of the world's most advanced AntiVirus,
Content Security and Firewall software: eScan,
MailScan, and eConceal.
MicroWorld Winsock Layer (MWL) is the revolutionary technology
that powers most of MicroWorld's products, enabling them
to achieve several certifications and awards from some
of the most prestigious testing bodies, notable among
them being Virus Bulletin, Checkmark, TUCOWS, Red
Hat Ready and Novell Ready.
To learn more, kindly visit http://www.mwti.net.