Windows dynamic DNS update mechanism


The dynamic DNS update mechanism within the DNS Server service in Microsoft Windows does not properly authenticate clients. This occurs with certain configurations, and can allow remote attackers to change DNS records for a web proxy server and conduct man-in-the-middle (MITM) attacks on web traffic. The can also use this flaw to conduct pharming attacks by poisoning DNS records, and cause a denial of service attack.

Additional Resources

MILW0RM: Advisory 3544

Featured Video

Behmor's app controlled coffee maker links to the Web for better brewing

The $329 Behmor Connected Coffee Brewer boasts the guts of an SCAA-approved drip coffee maker melded with a Wi-Fi radio, plus Internet links and mobile app control all in the interest of creating better pots of java.

by Brian Bennett