Status Tracking Note TRTA07-103A

Microsoft Windows DNS RPC Buffer Overflow

A buffer overflow in the the Remote Procedure Call (RPC) management interface used by the Microsoft Windows Domain Name Service (DNS) service is actively being exploited.

Event Information

Date (UTC)	Description
2007-05-08 19:42	Microsoft Microsoft Security Bulletin MS07-029: Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution (935966) Security Bulletin published.
2007-05-08 19:42	Microsoft Microsoft Security Advisory (935964): Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution DNS RPC Management Vulnerability(CVE-2007-1748) Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS07-029 to address this issue.
2007-04-18 17:35	Symantec ThreatCON (2) => (1)
2007-04-18 15:05	Internet Security Systems AlertCon (2) => (1) Due to the seriousness of a remote code execution vulnerability in RPC on Windows Domain Name System (DNS) Server and absence of a vendor-supplied patch, the threat level has been elevated to AlertCon 2.
2007-04-18	Bugtraq MS Windows DNS RPC Remote Buffer Overflow Exploit (port 445) v2 Vulnerability Proof Of Concept (CVE-2007-1748) #Cid: Microsoft_Dns_Server_Exploit_v2.1.zip #Tested: Windows 2000 Server [ES] SP4 #Tested: Windows 2000 Server [EN] SP4 #Tested: Windows 2000 Server [IT] SP4 #Tested: Windows 2003 [Universal] SP2
2007-04-18	Symantec W32.Rinbot.BF Exploit vulnerabilities (CVE-2006-2630, CVE-2006-3439(MS06-040), CVE-2007-1748)
2007-04-17	Microsoft Microsoft Security Advisory (935964): Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution (CVE-2007-1748) Ongoing monitoring indicates that we are seeing a new attack that is attempting to exploit this vulnerability.
2007-04-16 03:15	Bugtraq Microsoft DNS Server Remote Code execution: Analysis and exploit Vulnerability Proof Of Concept (CVE-2007-1748) #Cid: Microsoft_Dns_Server_Exploit.zip #Cid: dnsxpl.rar #Tested: Windows 2000 Server [ES] SP4 #Tested: Windows 2003 [ES] SP2
2007-04-16	Symantec W32.Rinbot.BC Exploit vulnerabilities (CVE-2006-2630, CVE-2006-3439(MS06-040), CVE-2007-1748)
2007-04-16	SANS Internet Storm Center New Rinbot scanning for port 1025 DNS/RPC
2007-04-16	SANS Internet Storm Center Update on Microsoft DNS vulnerability
2007-04-16	McAfee W32/Nirbot.worm!83E1220A
2007-04-15 18:51	Bugtraq Windows DNS DnssrvQuery Stack Overflow Vulnerability Proof Of Concept (CVE-2007-1748) #Cid: 23470-devcode.c #Tested: Windows Advanced Server
2007-04-13 17:49	US-CERT TA07-103A: Microsoft Windows DNS RPC Buffer Overflow Via US-CERT Mailing List
2007-04-13 16:40	Internet Security Systems AlertCon (1) => (2) Due to the seriousness of a remote code execution vulnerability in RPC on Windows Domain Name System (DNS) Server and absence of a vendor-supplied patch, the threat level has been elevated to AlertCon 2.
2007-04-13 07:03	US-CERT Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution Microsoft has released a security advisory regarding a vulnerability in the Domain Name System (DNS) Server Service.
2007-04-13 06:00	Symantec ThreatCON (1) => (2)
2007-04-13	Microsoft Microsoft Security Advisory (935964): Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution (CVE-2007-1748) Advisory updated to include additional details about Windows Small Business Server. Mitigations also updated to include additional information regarding the affected network port range and firewall configuration.
2007-04-13	Internet Security Systems Microsoft Windows DNS Server RPC Interface Buffer Overflow
2007-04-13	SANS Internet Storm Center More info on the Windows DNS RPC interface vulnerability
2007-04-13	SANS Internet Storm Center Microsoft Vulnerability in RPC on Windows DNS Server
2007-04-13	Microsoft Microsoft Security Advisory (935964): Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution (CVE-2007-1748) Advisory "Suggested Actions" section updated to include additional information regarding TCP and UDP port 445 and the 15 character computer name known issue.
2007-04-12	Microsoft Microsoft Security Advisory (935964): Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution (CVE-2007-1748) Advisory published.

Reference

CVE-2007-1748


Date first published (UTC):	2007-04-15T03:07+00:00
Date last updated (UTC):	2007-05-12T18:10+00:00