Microsoft preps 133 patches for Windows DNS hole

Fix should be available on Microsoft's next Patch Tuesday, May 8, or possibly sooner.

Microsoft plans to have a fix for the recently disclosed Windows Domain Name System service flaw available by its May 8 patch day at the latest.

"This is a developing situation and we are constantly evaluating the situation and the status of our development and testing of updates," Christopher Budd, a Microsoft Security Response Center staffer wrote on a corporate blog Tuesday.

Microsoft is working on 133 separate updates for the problem, Budd wrote.

"One in every language for every currently supported version of Windows servers," he wrote. "Each of these has to be tested to ensure they effectively protect against the vulnerability."

The security vulnerability affects Windows 2000 Server and Windows Server 2003. Microsoft last week warned that it had already heard of a "limited attack" exploiting the flaw. Since then exploit code was publicly disclosed and a that takes advantage of the hole has surfaced.

The attacks on the DNS service happen when someone sends rigged data to it. The service is meant to help map text-based Internet addresses to numeric Internet Protocol addresses. The vulnerability affects the DNS RPC interface. RPC, or Remote Procedure Call, is a protocol used by applications to send requests across a network.

Because DNS is a critical part of the networking infrastructure, Microsoft is taking special care with its patches, Budd wrote. "They also have to be tested to ensure that changes introduced by the updates don't pose a greater risk than the security issue we're addressing," he wrote.



Conversation powered by Livefyre

Don't Miss
Hot Products
Trending on CNET

Hot on CNET

CNET's giving away a 3D printer

Enter for a chance to win* the MakerBot Replicator 3D Printer and all the supplies you need to get started.