“Microsoft alerted us this time about 12 vulnerabilities of which nine were rated critical and three important. There are vulnerabilities in the Server service, the DNS service, Outlook Express, PowerPoint, the Microsoft Management Console, Visual Basic for Applications, and more.”
Not the DNS service built into every desktop, but a for-server-systems-only DNS service I hope.
well… here’s the description on windows update:
A security issue has been identified in DNS Resolution that could allow an attacker to compromise your Windows-based system and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.
with a link to this page: http://www.microsoft.com/technet/security/bulletin/ms06-041.mspx
So, it’s a problem with DNS resolution on the CLIENT SIDE!…
Which is very bad, but presumably the only computers that could compromise the clients would be the DNS servers, which should be fairly well trusted anyway. Or maybe I’m wrong?
Edited 2006-08-09 14:39
Yes – while anyone could run their own DNS server for their own domain – most DNS queries are facilitated through ISP DNS servers (which then cache the queries on behalf of the clients) – so it would be somewhat difficult to coerce a vulnerable machine to issue a request from a compromised server – unless you already had some control over the vulnerable machine in the first place.