---------------------------------------------------------------------- Did you know? Our assessment and impact rating along with detailed information such as exploit code availability, or if an updated patch is released by the vendor, is not part of this mailing-list? Click here to learn more about our commercial solutions: http://secunia.com/advisories/business_solutions/ Click here to trial our solutions: http://secunia.com/advisories/try_vi/ ---------------------------------------------------------------------- TITLE: Microsoft Windows DNS / WINS Multiple Spoofing Vulnerabilities SECUNIA ADVISORY ID: SA34217 VERIFY ADVISORY: http://secunia.com/advisories/34217/ DESCRIPTION: Some vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to poison a DNS cache and conduct spoofing attacks. 1) An error in the Windows DNS server may cause it to not properly reuse cached responses. This can be exploited via specially crafted DNS queries to poison the DNS cache and thus redirect network traffic. 2) An error in the Windows DNS server may cause it to not properly cache DNS responses. This may increase the predictability of subsequent transaction IDs and can be exploited to poison the DNS cache via specifically crafted queries sent to the DNS server. 3) The Windows DNS server does not properly validate who can register WPAD entries when dynamic update is used and ISATAP and WPAD are not already registered in DNS. This can be exploited to conduct MitM (Man-in-the-Middle) attacks by registering "WPAD" in the DNS database pointing to a desired IP address. 4) The Windows WINS server does not properly validate who can register WPAD or ISATAP entries. This can be exploited to conduct MitM (Man-in-the-Middle) attacks by registering WPAD or ISATP in the WINS database pointing to a desired IP address. Vulnerabilities #3 and #4 may be related to: SA27901 SOLUTION: Apply Patches. DNS server on Microsoft Windows 2000 Server SP4 (961063): http://www.microsoft.com/downloads/details.aspx?familyid=110354f7-5ece-4c4d-b563-3adba6ac0116 WINS server on Microsoft Windows 2000 Server SP4 (961064): http://www.microsoft.com/downloads/details.aspx?familyid=4319abb3-1ea2-466a-a815-c0b3b86b4462 DNS server on Windows Server 2003 SP1 and SP2 (961063): http://www.microsoft.com/downloads/details.aspx?familyid=6cc42c9e-c34e-4577-8b23-9e07e2369878 WINS server on Windows Server 2003 SP1 and SP2 (961064): http://www.microsoft.com/downloads/details.aspx?familyid=049e5db5-7315-4188-99fd-4a54833e6bf2 DNS server on Windows Server 2003 x64 Edition and SP2 (961063): http://www.microsoft.com/downloads/details.aspx?familyid=b1f81fd2-0099-4450-8543-0459561d22d0 WINS server on Windows Server 2003 x64 Edition and SP2 (961064): http://www.microsoft.com/downloads/details.aspx?familyid=4a393c63-eff5-4c8c-9c3f-33ce45c32428 DNS server on Windows Server 2003 with SP1 and SP2 for Itanium-based Systems (961063): http://www.microsoft.com/downloads/details.aspx?familyid=d3ed7d9a-d652-4bd0-aecc-5a415bec6c59 WINS server on Windows Server 2003 with SP1 and SP2 for Itanium-based Systems (961064): http://www.microsoft.com/downloads/details.aspx?familyid=37e3a75e-0a5d-4df0-881f-cdb87efa4dcf DNS server on Windows Server 2008 for 32-bit Systems (961063): http://www.microsoft.com/downloads/details.aspx?familyid=92e89882-d656-4b61-a05c-3afb44895f08 DNS server on Windows Server 2008 for x64-based Systems (961063): http://www.microsoft.com/downloads/details.aspx?familyid=be068d06-5939-4ad8-8191-e85931ed610f PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: MS09-008 (KB962238, KB961063, KB961064): http://www.microsoft.com/technet/security/Bulletin/MS09-008.mspx OTHER REFERENCES: SA27901: http://secunia.com/advisories/27901/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------