Attack Code Raises Windows DNS Zero-Day Risk - UPDATE
Joris Evers writes on C|Net News:
The public release of computer code that exploits a yet-to-be-patched Windows security hole increases the possibility of widespread attacks, security experts have warned.More here.
At least four exploits for the vulnerability in the Windows domain name system, or DNS, service were published on the Internet over the weekend, Symantec said in an alert Monday. In response, the Cupertino, Calif., company raised its ThreatCon to level 2, which means an increase in attacks is expected.
The security vulnerability affects Windows 2000 Server and Windows Server 2003. Microsoft last week warned that it had already heard of a "limited attack" exploiting the flaw. However, exploit code wasn't yet publicly available. Exploits may help miscreants craft malicious code that uses the vulnerability to compromise Windows systems.
UPDATE: 15:56 PDT: It would appear that at least one active exploit is now active in the wild. The SANS ISC says: "New Rinbot scanning for port 1025 DNS/RPC".