silversurfer

Level 63
Verified
Trusted
Content Creator
Malware Hunter
A new security advisory addresses a vulnerability that could be exploited to cause a denial-of-service attack.

Microsoft has released a security advisory addressing a vulnerability affecting Windows DNS Server. Successful exploitation of the flaw could lead to a denial-of-service attack, officials report.

ADV200009 warns of a vulnerability involving packet amplification that affects Windows DNS servers. An attacker would need access to at least one client and a domain that replies with large amounts of referral records that point to external subdomains. While resolving a name from the attacker client, for each record found the resolver contacts the victim's domain.

This process can generate a lot of communications between the recursive resolver and the victim's DNS server to cause a distributed denial-of-service attack, Microsoft explains. It recommends enabling RRL on a DNS server as a workaround for the vulnerability.

US-CERT has posted an alert for ADV200009. Users and administrators are encouraged to review Microsoft's post and apply the necessary mitigations.

Read Microsoft's full advisory here.
 
Top