The KB 935964 DNS Server Vulnerability and SBS

[Today's post comes to us courtesy of Mark Stanfill]

If you're running SBS, you should be aware of a new vulnerability and how to mitigate it.  First, the references:

Main KB article:

http://support.microsoft.com/default.aspx/kb/935964

Microsoft Security Advisory:

http://www.microsoft.com/technet/security/advisory/935964.mspx

Others have covered this (here and here), but I wanted to weigh in as well.  The security advisory walks you through the steps (set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters\RpcProtocol to 4 and restart the DNS Server service) in detail.  All SBS customers should implement this change as soon as possible.  All SBS servers run DNS by default.
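One way to apply and confirm the registry change described above from an elevated PowerShell prompt (an added example, not taken from the advisory or the original post). It assumes RpcProtocol is a DWORD value and that the DNS Server service is registered under the service name DNS.

```powershell
# Added example: idempotently apply the RpcProtocol mitigation and verify it.
# Assumptions: value type is DWORD; DNS Server service name is "DNS".
$path    = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$name    = 'RpcProtocol'
$desired = 4   # value given in the post and the advisory

if (-not (Test-Path $path)) {
    throw "Key not found: $path (is the DNS Server service installed?)"
}

# Read the current setting; the value may not exist yet, which yields $null.
$current = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name

if ($current -eq $desired) {
    Write-Output "$name is already set to $desired; leaving the service running."
}
else {
    if ($null -eq $current) { $shown = '<not set>' } else { $shown = $current }
    Write-Output "$name is $shown; setting it to $desired."

    # -Force creates the value if missing or overwrites an existing one.
    New-ItemProperty -Path $path -Name $name -PropertyType DWord `
        -Value $desired -Force | Out-Null

    # The setting only takes effect after the DNS Server service restarts.
    Restart-Service -Name DNS -Force
}

# Verify: re-read the value and confirm the service came back up.
$after  = (Get-ItemProperty -Path $path -Name $name).$name
$status = (Get-Service -Name DNS).Status

if ($after -ne $desired)   { throw "$name is $after, expected $desired." }
if ($status -ne 'Running') { throw "DNS Server service is $status after restart." }

Write-Output "Mitigation in place: $name = $after, DNS service $status."
```

Running it a second time makes no changes and only reports the current state, so it can also serve as a compliance check across several servers.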

The advisory also recommends that you block "TCP and UDP port 445 as well as all unsolicited inbound traffic on ports greater than 1024".  The key word here is unsolicited.  Obviously, you don't want to block port 3389 for RDP, 4125 for RWW, and so on if you are publishing those services.
