Internet Security Systems Discovers and Protects Against Critical Flaws in Microsoft DNS Client

August 10, 2006; 08:50 AM
Internet Security Systems, Inc. (ISS) (NASDAQ: ISSX), the worldwide leader in pre-emptive, enterprise security, today announced that it has discovered and provided pre-emptive protection for critical flaws in the Microsoft Domain Name System (DNS) client since February 2006. ISS is providing customers with security content and protection for all of the vulnerabilities disclosed by Microsoft yesterday, including a flaw in the Microsoft Server Service, which X-Force predicts could soon be used by attackers to create an Internet worm.

"The Microsoft DNS client flaws discovered by X-Force are of particular concern because the vulnerable DNS client is installed on all current Windows platforms," said Alain Sergile, technical product manager of X-Force, the research division of Internet Security Systems. "Through these vulnerabilities, an attacker can answer a DNS query with a malicious response, triggering a heap corruption and gaining complete, unauthorised control of an affected machine."

The Microsoft DNS client is an internal library supplied with Windows that is used to resolve domain names to IP addresses. X-Force has discovered three separate vulnerabilities in the DNS code.

"In addition to paying particular attention to the DNS flaws, ISS advises organisations to place priority on patching the Microsoft Server Service," said Gunter Ollmann, director of ISS X-Force. "Because the service runs by default on Windows machines, and a successful compromise of an affected version leaves the attacker in complete control of the targeted host, this type of vulnerability is traditionally a common vector for worm exploitation."

The Microsoft Server Service provides basic Windows networking services such as file and printer sharing. Through the flaw announced by Microsoft today, it is vulnerable to remote code execution.

The unique intelligence of X-Force is infused into all ISS products and services, including the company's Virtual Patch® technology, enabling the company to pre-­emptively protect customers from the world's most dangerous security events before impact. Since its inception in 1997, X-Force has consistently rivalled independent researchers and other security vendors with its cutting-edge vulnerability discoveries.

Further details on these vulnerabilities and ISS discoveries can be found in the ISS X-Force advisories and alert at: http://xforce.iss.net/

Microsoft's security bulletin addressing these issues can be found at: http://www.microsoft.com/technet/security/current.aspx