New Windows DNS flaw exploited... and that's how you saw a defaced zone-h yesterday

Friday, 13 April 2007

Specifically, Microsoft warned in a security advisory that the attack exploits “a vulnerability in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2.” Microsoft Windows 2000 Professional Service Pack 4, Windows XP Service Pack 2, and Windows Vista are not at risk since they do not contain the vulnerable code.

This flaw was used yesterday to compromise a computer located on the same network segment as ours, within the C class assigned to us by the server farm company (Elion - Estonia). Initially we suspected some kind of 0day affecting Zone-H's Apache cache, but after digging a bit more we discovered that the attacker, having taken over that Windows-based server, was able to ARP-poison the whole network segment and inject a defacing message into the HTTP traffic in transit. So, technically there was no hack into Zone-H, but our visitors were receiving altered HTTP traffic carrying the defacing code.

The ARP poisoning attack was not 100% functional, as it couldn't affect each and every packet (probably because Zone-H's traffic was too intense to be poisoned in its entirety). This is why, when reloading Zone-H's homepage, you sometimes saw the normal page and other times got the defacer's message. There was nothing we could do about it; perhaps next time we will buy an entire network segment from a server farm...

According to Microsoft, the issue could be exploited in a limited number of cases. An attacker could exploit the vulnerability to run code in the security context of the Domain Name System Server Service, which by default runs as Local System. This is a common type of coding problem for Microsoft and Windows users: a successful attack will give full control over a vulnerable machine without any user interaction, Microsoft said. Microsoft also declared that a security patch will soon be provided to protect Windows users from this threat.

Moreover, the company recommends that affected users contact their local Microsoft subsidiary for support.
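The segment-wide ARP poisoning described above leaves a visible trace: the same IP address gets announced by a second MAC address. The following check is an added example, not part of the original article; the frame contents, addresses and helper names are constructed for illustration.

```python
import struct
from collections import defaultdict

def parse_arp(frame: bytes):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":      # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):     # Ethernet + IPv4 only
        return None
    return oper, frame[22:28].hex(":"), ".".join(map(str, frame[28:32]))

def find_poisoning(frames):
    """Return (IPs announced by more than one MAC, MACs announcing more than one IP)."""
    ip_to_macs, mac_to_ips = defaultdict(list), defaultdict(set)
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        _, mac, ip = parsed
        if mac not in ip_to_macs[ip]:
            ip_to_macs[ip].append(mac)      # first-seen order: original owner first
        mac_to_ips[mac].add(ip)
    rebound = {ip: macs for ip, macs in ip_to_macs.items() if len(macs) > 1}
    # A MAC with several IPs can be legitimate (router, IP aliases), so treat this
    # second result as a lead to correlate with `rebound`, not as proof on its own.
    multi = {mac: sorted(ips) for mac, ips in mac_to_ips.items() if len(ips) > 1}
    return rebound, multi

def sample_frame(oper, sender_mac, sender_ip, target_mac, target_ip):
    """Build one constructed ARP frame in memory (test data only, nothing is sent)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(map(int, s.split(".")))
    header = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    return (mac(target_mac) + mac(sender_mac) + b"\x08\x06" + header
            + mac(sender_mac) + ip(sender_ip) + mac(target_mac) + ip(target_ip))

# Constructed capture: documentation addresses and locally administered MACs.
GW, WEB, ROGUE = "02:00:00:00:00:01", "02:00:00:00:00:10", "02:00:00:00:00:66"
SAMPLE = [
    sample_frame(2, GW, "192.0.2.1", WEB, "192.0.2.10"),
    sample_frame(2, WEB, "192.0.2.10", GW, "192.0.2.1"),
    sample_frame(2, ROGUE, "192.0.2.66", GW, "192.0.2.1"),
    sample_frame(2, ROGUE, "192.0.2.1", WEB, "192.0.2.10"),   # claims the gateway's IP
    sample_frame(2, ROGUE, "192.0.2.10", GW, "192.0.2.1"),    # claims the web server's IP
]

if __name__ == "__main__":
    rebound, multi = find_poisoning(SAMPLE)
    print("IP rebinding:", rebound)
    print("MACs announcing several IPs:", multi)
```

On a shared hosting segment, an alert on the gateway's IP appearing in the first result is the signal that traffic is being redirected through another host.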














