Microsoft Preps DNS Mega-Patch

Don't look now, but Microsoft Corp. is prepping still another mega-patch, this time for the Windows DNS vulnerability it first disclosed last week.

Like another recent patch -- an early April update which patched a bevy of Windows GDI vulnerabilities -- Microsoft could conceivably release its DNS fix as an out-of-band update. As of now, Redmond expects to release the fix as part of its normal May 8 Patch Tuesday update process, but that could change as circumstances develop.

"While we don't have a firm estimate on when we'll complete our development and testing of updates for this issue, we have teams around the world working on it twenty-four hours a day, and hope to have updates no later than May 8, 2007, for the May monthly bulletin release," wrote Christopher Budd on the Microsoft Security Response Center (MSRC) blog. "However, this is a developing situation, and we are constantly evaluating the situation and the status of our development and testing of updates."

If the scope of Microsoft's patching effort is as involved as Budd says, the software giant will probably need every minute between now and May 8 to test and validate its proposed fix. "For this issue, our teams are working on developing and testing 133 separate updates: one in every language for every currently supported version of Windows servers," Budd wrote.

The vulnerability impacts both Windows 2000 Server and Windows Server 2003. Windows 2000 Professional and Windows XP (all versions) aren't susceptible.

"Each of these has to be tested to ensure they effectively protect against the vulnerability. Because DNS is a critical part of the networking infrastructure, they also have to be tested to ensure that changes introduced by the updates don't pose a greater risk than the security issue we're addressing," he wrote.

As of yesterday, Microsoft had confirmed the existence of four separate software exploits, none of which automatically propagates, Budd confirmed. Elsewhere, the software giant added port 139 to the list of ports it recommends that customers block in accordance with its recommended firewall and IPSec workarounds.

About the Author

Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.
