"Microsoft alerted us this time about 12 vulnerabilities of which nine were rated critical and three important. There are vulnerabilities in the Server service, the DNS service, Outlook Express, PowerPoint, the Microsoft Management Console, Visual Basic for Applications, and more."
Post a Comment
Member since:
2005-07-06
Member since:2006-01-26
well... here's the description on windows update:
A security issue has been identified in DNS Resolution that could allow an attacker to compromise your Windows-based system and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.
with a link to this page: http://www.microsoft.com/technet/security/bulletin/ms06-041.mspx
So, it's a problem with DNS resolution on the CLIENT SIDE!...
Member since:2005-10-13
Member since:2006-01-26
Yes - while anyone could run their own DNS server for their own domain - most DNS queries are facilitated through ISP DNS servers (which then cache the queries on behalf of the clients) - so it would be somewhat difficult to coerce a vulnerable machine to issue a request from a compromised server - unless you already had some control over the vulnerable machine in the first place.
