Microsoft Preps DNS Mega-Patch

Don't look now, but Microsoft Corp. is prepping still another mega-patch, this time for the Windows DNS vulnerability it first disclosed last week.

Don't look now, but Microsoft Corp. is prepping still another mega-patch, this time for the Windows DNS vulnerability it first disclosed last week.

Like another recent patch -- an early April update which patched a bevy of Windows GDI vulnerabilities -- Microsoft could conceivably release its DNS fix as an out-of-band update. As of now, Redmond expects to release the fix as part of its normal May 8 Patch Tuesday update process, but that could change as circumstances develop.

"While we don't have a firm estimate on when we'll complete our development and testing of updates for this issue, we have teams around the world working on it twenty-four hours a day, and hope to have updates no later than May 8, 2007, for the May monthly bulletin release," wrote Christopher Budd on the Microsoft Security Response Center (MSRC) blog. "However, this is a developing situation, and we are constantly evaluating the situation and the status of our development and testing of updates."

If the scope of Microsoft's patching effort is as involved as Budd says, the software giant will probably need every minute between now and May 8 to test and validate its proposed fix. "For this issue, our teams are working on developing and testing 133 separate updates: one in every language for every currently supported version of Windows servers," Budd wrote.

The vulnerability impacts both Windows 2000 Server and Windows Server 2003. Windows 2000 Professional and Windows XP (all versions) aren't susceptible.

"Each of these has to be tested to ensure they effectively protect against the vulnerability. Because DNS is a critical part of the networking infrastructure, they also have to be tested to ensure that changes introduced by the updates don't pose a greater risk than the security issue we're addressing," he wrote.

As of yesterday, Microsoft had confirmed the existence of four separate software exploits, none of which automatically propagates, Budd confirmed. Elsewhere, the software giant added port 139 to the list of ports it recommends that customers block in accordance with its recommended firewall and IPSec workarounds.

About the Author

Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.


  • How To Configure Windows 10 for Intel Optane Memory

    Intel's Optane memory technology can significantly improve the performance of your Windows 10 system -- provided you enable it correctly. A single mistake can render the system unbootable. Here's how to do it the right way.

  • Microsoft and SAP Enhance Partnership with Teams Integration

    Microsoft and SAP this week described continuing partnership efforts on Microsoft Azure, while also planning a Microsoft Teams integration with SAP's enterprise resource planning product and other solutions.

  • Blue Squares Graphic

    Microsoft Previews Azure IoT Edge for Linux on Windows

    Microsoft announced a preview of Azure IoT Edge for Linux on Windows, which lets organizations tap Linux virtual machine processes that also work with Windows- and Azure-based processes and services.

  • How To Automate Tasks in Azure SQL Database

    Knowing how to automate tasks in the cloud will make you a more productive DBA. Here are the key concepts to understand about cloud scripting and a rundown of the best tools for automating code in Azure.

comments powered by Disqus