MS.Windows.DNS.Server.WPAD.Registration.Spoofing
Description
This indicates an attack attempt to exploit an information spoofing vulnerability in Microsoft windows DNS server.
This vulnerability is caused by an error when the vulnerable software is handling malicious entries in DNS database. It allows a remote attacker to exploit a DNS spoofing via sending a DNS dynamic update packet.
Affected Products
Microsoft Windows 2000 Server Service Pack 4
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2008 for 32-bit Systems*
Windows Server 2008 for x64-based Systems*
Impact
Information Spoofing: Remote attackers can spoof datas of vulnerable systems.
Recommended Actions
Refer to the vendor's web site for suggested workaround.
http://www.microsoft.com/technet/security/Bulletin/ms09-008.mspx
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |