| Check Point Reference: |
CPAI-2007-133 |
| Date Published: |
18 Nov 2007 |
| Severity: |
High
|
| Last Updated: |
Monday 01 January, 2007 |
| Source: |
Microsoft Security Bulletin MS07-062 |
| Industry Reference: | CVE-2007-3898 |
| Protection Provided by: |
|
| Who is Vulnerable? | Microsoft Windows 2000 Server SP4
Windows Server 2003 SP1
Windows Server 2003 SP2
Windows Server 2003 x64 Edition
Windows Server 2003 x64 Edition SP2
Windows Server 2003 with SP1 (Itanium)
Windows Server 2003 with SP2 (Itanium) |
| Vulnerability Description |
A DNS Cache Poisoning vulnerability has been reported in Microsoft DNS servers. DNS cache poisoning occurs when false DNS records are injected into a DNS server's cache tables. Once the cache tables have been altered, a remote attacker may inspect, capture or corrupt any information exchanged between hosts on the network. By poisoning a DNS server, a remote attacker could, for example, direct users to malicious sites or prevent them from accessing web sites of their choice. |
| Update/Patch Avaliable | Apply patches:
Microsoft Security Bulletin MS07-062 |
| Vulnerability Details | The vulnerability is due to the Windows DNS Server service predictable transaction ID values in outgoing DNS queries, which allows remote attackers to spoof DNS replies and poison the DNS cache. A remote attacker can exploit this issue to poison the DNS cache by sending malicious responses to DNS requests. Successful exploitation could allow the attacker to redirect Internet traffic from legitimate locations to an address of his choice. |
Feedback