Microsoft Preps DNS Mega-Patch

Don't look now, but Microsoft Corp. is prepping still another mega-patch, this time for the Windows DNS vulnerability it first disclosed last week.

Don't look now, but Microsoft Corp. is prepping still another mega-patch, this time for the Windows DNS vulnerability it first disclosed last week.

Like another recent patch -- an early April update which patched a bevy of Windows GDI vulnerabilities -- Microsoft could conceivably release its DNS fix as an out-of-band update. As of now, Redmond expects to release the fix as part of its normal May 8 Patch Tuesday update process, but that could change as circumstances develop.

"While we don't have a firm estimate on when we'll complete our development and testing of updates for this issue, we have teams around the world working on it twenty-four hours a day, and hope to have updates no later than May 8, 2007, for the May monthly bulletin release," wrote Christopher Budd on the Microsoft Security Response Center (MSRC) blog. "However, this is a developing situation, and we are constantly evaluating the situation and the status of our development and testing of updates."

If the scope of Microsoft's patching effort is as involved as Budd says, the software giant will probably need every minute between now and May 8 to test and validate its proposed fix. "For this issue, our teams are working on developing and testing 133 separate updates: one in every language for every currently supported version of Windows servers," Budd wrote.

The vulnerability impacts both Windows 2000 Server and Windows Server 2003. Windows 2000 Professional and Windows XP (all versions) aren't susceptible.

"Each of these has to be tested to ensure they effectively protect against the vulnerability. Because DNS is a critical part of the networking infrastructure, they also have to be tested to ensure that changes introduced by the updates don't pose a greater risk than the security issue we're addressing," he wrote.

As of yesterday, Microsoft had confirmed the existence of four separate software exploits, none of which automatically propagates, Budd confirmed. Elsewhere, the software giant added port 139 to the list of ports it recommends that customers block in accordance with its recommended firewall and IPSec workarounds.

About the Author

Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.


  • Azure AD Enhancements Bring Expanded Support for Auto-Provisioned SaaS Apps

    Microsoft announced a number of Azure Active Directory enhancements this month.

  • What's Behind Microsoft's Sudden Teams Push?

    As Skype for Business slowly gets phased out and Slack's enterprise dominance becomes less of a sure thing, the time is right for Microsoft to focus its marketing energies on its upstart collaboration tool.

  • Microsoft Releases PowerShell 7 Preview 3

    Microsoft announced on Wednesday that the PowerShell 7 Preview 3 scripting solution is now available.

  • SQL Server 2019 Release Candidate Now Available

    Microsoft on Wednesday announced the release of SQL Server 2019 release candidate (RC).

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.