| Follow us on Twitter |
SonicWALL first issued signatures designed to protect subscribers of SonicWALL's dynamic threat prevention services against exploits of this vulnerability on Friday, April 13 and has continued to issue updated signatures as more information and exploits have been discovered.
The DNS Server Service translates web site text names into IP addresses so that requests are routed to the correct server. While the number of exploits has been limited, they are considered dangerous. Because it is a server problem, all users of an infected server can be affected. Exploits of this vulnerability can potentially affect servers that run on Microsoft Windows 2000 Server Service Pack 4, Windows Server 2003 SP 1, and Windows Server 2003 SP 2.
The DNS Server Service vulnerability is being exploited via RPC requests that run malicious code in the remote management component of the server. Hackers are then able to divert web traffic, potentially forwarding victims to a malicious web site infected with malware when a user of that server types in a web address.
Users of SonicWALL's dynamic threat prevention services are currently protected by main signatures:
IPS: SID #2442 -- Windows DNS Server RPC Management Interface BO
Generic 2.
GAV: RinBot.A (Worm)
SonicWALL has developed unique technologies to deliver zero day gateway anti-virus, anti-spyware and intrusion prevention signatures to its subscribers on a continual basis, allowing them to defend against vulnerabilities like the DNS Server Service vulnerability as well as attacks and exploits such as phishing, viruses, DHA or DoS attacks and more - SonicWALL.
Posted April 20th, 2007 by Nymphadora
