News

Microsoft Preps DNS Mega-Patch

Don't look now, but Microsoft Corp. is prepping still another mega-patch, this time for the Windows DNS vulnerability it first disclosed last week.

• By Stephen Swoyer
• 04/20/2007

Like another recent patch -- an early April update which patched a bevy of Windows GDI vulnerabilities -- Microsoft could conceivably release its DNS fix as an out-of-band update. As of now, Redmond expects to release the fix as part of its normal May 8 Patch Tuesday update process, but that could change as circumstances develop.

"While we don't have a firm estimate on when we'll complete our development and testing of updates for this issue, we have teams around the world working on it twenty-four hours a day, and hope to have updates no later than May 8, 2007, for the May monthly bulletin release," wrote Christopher Budd on the Microsoft Security Response Center (MSRC) blog. "However, this is a developing situation, and we are constantly evaluating the situation and the status of our development and testing of updates."

If the scope of Microsoft's patching effort is as involved as Budd says, the software giant will probably need every minute between now and May 8 to test and validate its proposed fix. "For this issue, our teams are working on developing and testing 133 separate updates: one in every language for every currently supported version of Windows servers," Budd wrote.

The vulnerability impacts both Windows 2000 Server and Windows Server 2003. Windows 2000 Professional and Windows XP (all versions) aren't susceptible.

"Each of these has to be tested to ensure they effectively protect against the vulnerability. Because DNS is a critical part of the networking infrastructure, they also have to be tested to ensure that changes introduced by the updates don't pose a greater risk than the security issue we're addressing," he wrote.

As of yesterday, Microsoft had confirmed the existence of four separate software exploits, none of which automatically propagates, Budd confirmed. Elsewhere, the software giant added port 139 to the list of ports it recommends that customers block in accordance with its recommended firewall and IPSec workarounds.