PatchLink Delivers Zero-Day Remediation to Protect End Users Against Exploits in Microsoft Windows DNS Server

April 18, 2007; 01:50 AM
PatchLink® Corporation, the global leader in security and vulnerability management solutions, today issued an automated "DNS Zero-Day Remediation" to help its customers identify the Domain Name System (DNS) Server Service vulnerability and temporarily defend against exploits in the wild. The emergency workaround enables customers to identify if they are vulnerable, determine where the impacted DNS servers are located and block known attack vectors to mitigate risks to their IT environment.

Microsoft issued a security advisory last week about targeted attacks exploiting a vulnerability in the Windows DNS Server, and on Monday, announced that a worm appeared on the Internet. PatchLink's automated DNS Zero-Day Remediation (Microsoft suggested actions) will help protect customers while they wait for an official patch from Microsoft and will enable customers to uninstall once the Microsoft patch is made available.

According to Paul Zimski, director of product and market strategy at PatchLink, "While the current botworm exploits are unsophisticated, there is considerable danger that more sophisticated attacks could be in the works. The DNS servers are a particularly high value target because a hacker that 'owns' DNS servers can perform a 'man in the middle' attack. Although this attack isn't going to hit every desktop, it is very serious."

Customers who opt to mitigate the threat can automatically apply a pre-tested workaround that gives them the stop gap needed to combat attacks until an official remediation is released. For more information on the DNS vulnerability and Microsoft's suggested action, visit: http://www.microsoft.com/technet/security/advisory/935964.mspx.

PatchLink® is the global leader for security patch and vulnerability management solutions, delivering comprehensive, multi-platform assessment and remediation for continuous protection across the enterprise. Offering the most comprehensive platform and application support, PatchLink maintains the largest tested and most up-to-date security patch repository, enabling organizations to accurately assess and remediate vulnerabilities based on established industry best practices. Currently protecting thousands of commercial and government organizations and millions of PCs and servers worldwide, PatchLink effectively eliminates vulnerability risks and enforces security and compliance policies while reducing overall IT costs. PatchLink is headquartered in Scottsdale, Arizona and was founded in 1991 by Sean Moshir.