Zero day flaw hits Windows DNS

Posted by Mark Raby

Boston (MA) - A new worm has been discovered by Internet security company Sophos, which it says can make computers vulnerable to remotely controlled attacks.

The unpatched hole affects the Windows DNS server interface and its Remote Procedure Call (RPC).  The worm, dubbed W32/Delbot-AI, can exploit the server by sending corrupt RPC packets.

The worm allows hackers to gain remote access to affected PCs.  Microsoft says most versions of Windows 2000, Windows Server 2003, and Windows XP are open to the hack.  Vista does not contain the vulnerable code, said the software company in a security advisory.

In addition, W32/Delbot-AI can exploit a small vulnerability in a handful of Symantec anti-virus software titles.  However, a patch that was released a year ago from Symantec will prevent the attack.