Monday, April 11, 2005

Security Alert: Microsoft issues DNS poisoning advisory

After the Internet Storm Center raised its warning level over the pharming-related vulnerability, the software behemoth updated its advice for people running Windows servers...

DNS cache poisoning involves the practice of hacking into domain name servers and replacing the numeric addresses of legitimate Web sites with the addresses of malicious sites. The scheme typically redirects Internet users to bogus Web pages where they may be asked for sensitive information or have spyware installed on their PCs, an online assault that has also become known as pharming.
On Windows 2000 SP3 and above, the DNS server DOES protect against DNS cache pollution by default. The registry key to protect against the poisoning is not necessary: the value is TRUE if the registry key does not exist. Microsoft has now corrected the KB article that we published earlier with this information.
On Windows 2000, you should manage the DNS cache protection security setting through the DNS Management Console. On Windows 2000 below SP3, the "Secure cache against pollution" setting is not the default, so you should enable it using the DNS Management Console. On Windows 2000 SP3 and above (and Windows 2003), the secure setting is the default (even if the registry key does not exist).
Our recommendation is to only set the registry key (HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Parameters) on Windows NT4. Otherwise, use the DNS Management Console. If you are on Windows 2000 and you created the key already, you are safe to leave it in place as long as the value is "1".

More info: How to prevent DNS cache pollution.
