Check Point Advisories

Preemptive Protection against Microsoft Windows DNS Client Spoofing Vulnerability (MS08-020)

Check Point Reference: CPAI-2008-052
Date Published: 8 Apr 2008
Severity: High
Last Updated: Tuesday 01 January, 2008
Source: Microsoft Security Bulletin MS08-020
Industry Reference:CVE-2008-0087
Protection Provided by:
Who is Vulnerable? Microsoft Windows 2000 SP4
Windows XP SP2
Windows XP Professional x64 Edition
Windows XP Professional x64 Edition SP2
Windows Server 2003 SP1
Windows Server 2003 SP2
Windows Server 2003 x64 Edition
Windows Server 2003 x64 Edition SP2
Windows Server 2003 with SP1 (Itanium)
Windows Server 2003 with SP2 (Itanium)
Windows Vista
Windows Vista x64 Edition
Vulnerability Description A DNS Spoofing vulnerability has been reported in Microsoft DNS clients. DNS Spoofing allows an attacker to change a DNS entry so it would point to an IP of his own choice. This vulnerability could allow an attacker to send malicious responses to DNS requests made by vulnerable clients, thereby spoofing or redirecting Internet traffic from legitimate locations.
Update/Patch AvaliableApply patches:
Microsoft Security Bulletin MS08-020
Vulnerability DetailsThe vulnerability is due to the Windows DNS Client service predictable transaction ID values in DNS queries, which allows remote attackers to spoof DNS replies. A remote attacker that gained information about DNS client transaction IDs can exploit this issue to send malicious responses to DNS requests. Successful exploitation could allow the attacker to redirect Internet traffic from legitimate locations to an address of his choice.

Protection Overview

This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.