Check Point Advisories

Preemptive Protection against Microsoft Windows DNS Server Spoofing Vulnerability (MS07-062)

Check Point Reference: CPAI-2007-133
Date Published: 18 Nov 2007
Severity: High
Last Updated: Monday 01 January, 2007
Source: Microsoft Security Bulletin MS07-062
Industry Reference:CVE-2007-3898
Protection Provided by:
Who is Vulnerable? Microsoft Windows 2000 Server SP4
Windows Server 2003 SP1
Windows Server 2003 SP2
Windows Server 2003 x64 Edition
Windows Server 2003 x64 Edition SP2
Windows Server 2003 with SP1 (Itanium)
Windows Server 2003 with SP2 (Itanium)
Vulnerability Description A DNS Cache Poisoning vulnerability has been reported in Microsoft DNS servers. DNS cache poisoning occurs when false DNS records are injected into a DNS server's cache tables. Once the cache tables have been altered, a remote attacker may inspect, capture or corrupt any information exchanged between hosts on the network. By poisoning a DNS server, a remote attacker could, for example, direct users to malicious sites or prevent them from accessing web sites of their choice.
Update/Patch AvaliableApply patches:
Microsoft Security Bulletin MS07-062
Vulnerability DetailsThe vulnerability is due to the Windows DNS Server service predictable transaction ID values in outgoing DNS queries, which allows remote attackers to spoof DNS replies and poison the DNS cache. A remote attacker can exploit this issue to poison the DNS cache by sending malicious responses to DNS requests. Successful exploitation could allow the attacker to redirect Internet traffic from legitimate locations to an address of his choice.

Protection Overview

This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.