Windows DNS Server 0-Day
Written by Editor   
Monday, 16 April 2007 00:10

It seems there is a little problem with Microsoft’s DNS server that can allow an attacker to remotely compromise a Windows-based DNS server.

The Microsoft DNS server service is prone to a stack-based buffer overflow in its Remote Procedure Call (RPC) interface. If exploited, the overflow allows an attacker to run arbitrary code in the context of the DNS server service, which normally runs in the LocalSystem context.

Successful exploitation will result in complete machine compromise. The issue affects the DNS server service which is part of Windows 2000 Server SP4, Windows 2003 SP1 and SP2. The issue does not affect the desktop versions of Windows.

There are now working exploits for this vulnerability, including a Metasploit version. There is no vendor-supplied patch available, and unless this gets widely exploited, don’t expect one until next month at the earliest. If you have Windows-based DNS servers connected to the Internet, we recommend protecting them with some form of IDS/IPS arrangement.

Microsoft have released an advisory about the issue here, along with the proof-of-concept Metasploit exploit here. It does look like there is some active exploitation, as it seems this issue was picked up by the SANS ISC people a couple of days ago.

