| Check Point Reference: |
CPAI-2008-052 |
| Date Published: |
8 Apr 2008 |
| Severity: |
High
|
| Last Updated: |
Tuesday 01 January, 2008 |
| Source: |
Microsoft Security Bulletin MS08-020 |
| Industry Reference: | CVE-2008-0087 |
| Protection Provided by: |
|
| Who is Vulnerable? | Microsoft Windows 2000 SP4
Windows XP SP2
Windows XP Professional x64 Edition
Windows XP Professional x64 Edition SP2
Windows Server 2003 SP1
Windows Server 2003 SP2
Windows Server 2003 x64 Edition
Windows Server 2003 x64 Edition SP2
Windows Server 2003 with SP1 (Itanium)
Windows Server 2003 with SP2 (Itanium)
Windows Vista
Windows Vista x64 Edition |
| Vulnerability Description |
A DNS Spoofing vulnerability has been reported in Microsoft DNS clients. DNS Spoofing allows an attacker to change a DNS entry so it would point to an IP of his own choice. This vulnerability could allow an attacker to send malicious responses to DNS requests made by vulnerable clients, thereby spoofing or redirecting Internet traffic from legitimate locations. |
| Update/Patch Avaliable | Apply patches:
Microsoft Security Bulletin MS08-020 |
| Vulnerability Details | The vulnerability is due to the Windows DNS Client service predictable transaction ID values in DNS queries, which allows remote attackers to spoof DNS replies. A remote attacker that gained information about DNS client transaction IDs can exploit this issue to send malicious responses to DNS requests. Successful exploitation could allow the attacker to redirect Internet traffic from legitimate locations to an address of his choice. |
Feedback