SECUNIA ADVISORY ID: SA24871

VERIFY ADVISORY: http://secunia.com/advisories/24871/

CRITICAL: Highly critical

IMPACT: System access

WHERE: >From local network

DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in an RPC interface of the DNS service used for remote management of the service. This can be exploited to cause a stack-based buffer overflow via a specially crafted RPC request. Successful exploitation allows execution of arbitrary code with SYSTEM privileges.

OPERATING SYSTEM:
Microsoft Windows Storage Server 2003 - http://secunia.com/product/12399/
Microsoft Windows Server 2003 Web Edition - http://secunia.com/product/1176/
Microsoft Windows Server 2003 Standard Edition - http://secunia.com/product/1173/
Microsoft Windows Server 2003 Enterprise Edition - http://secunia.com/product/1174/
Microsoft Windows Server 2003 Datacenter Edition - http://secunia.com/product/1175/
Microsoft Windows 2000 Server - http://secunia.com/product/20/
Microsoft Windows 2000 Datacenter Server - http://secunia.com/product/1177/
Microsoft Windows 2000 Advanced Server - http://secunia.com/product/21/

NOTE: According to Microsoft, this is already being actively exploited on a limited scale.

SOLUTION: The vendor recommends disabling the remote management over RPC capability for DNS servers.

PROVIDED AND/OR DISCOVERED BY: Discovered as a 0-day.

ORIGINAL ADVISORY:
Microsoft:
http://www.microsoft.com/technet/security/advisory/935964.mspx
http://blogs.technet.com/msrc/archive/2007/04/12/microsoft-security-advisory-935964-posted.aspx