Active Internet Exploits against Microsoft DNS Zero-Day Vulnerability Picking Up
Microsoft's DNS problem appears to be getting worse now that exploit code is circulating on the Internet. Be aware that this vulnerability allows an attacker to take complete control of an infected system within the context of an administrator. Since many Windows DNS servers are also Domain Controllers, this is especially problematic.
According to Dark Reading, the name of the exploit is...
The Rinbot worm, which also is known as Delbot-AI and Nirbot, is exploiting a vulnerability in the Microsoft Domain Name System Server Service. The flaw lies in the way the Windows DNS Server's Remote Procedure Call (RPC) interface has been implemented. Rinbot, which is an Internet Relay Chat controlled backdoor, has been able to exploit the flaw by sending a crafted RPC packet to vulnerable computers. If the worm successfully infects a PC, according to researchers at Sophos, it allows hackers to gain remote access over the computer, giving them the ability to control what it does and steal information from an unsuspecting user.
Microsoft states that a patch should be ready by May 8th, or at least no later than May 8th. What's interesting about that date is that it is the usual Patch Tuesday for Microsoft patches.
You can read the entire Dark Reading article at: http://www.darkreading.com/document.asp?doc_id=122162&f_src=darkreading_section_318