Zero-Day Alert: Microsoft DNS RPC

Microsoft DNS Servers are currently being attacked by a zero-day stack-based buffer overflow.  eEye Research is currently investigating the vulnerability and exploitation.  The most current information is available at the eEye Zero-Day Tracker.  DNS administrators are urged to use the referenced mitigation techniques provided by Microsoft until a patch or another form of mitigation is available.

.ANI Patch Update

Hey Everyone,

Just wanted to give a heads up regarding the .ANI patch.  We have noticed a bypass for our patch posted to milw0rm.  We have since updated the patch to protect from this bypass and version 1.1 was available April 1.

Also, be sure to cancel any plans you had for Tuesday as Microsoft is releasing an out-of-band patch for this vulnerability.  Since this will be affecting all supported Windows platforms (including Vista) administrators can look forward to two fun Patch Tuesdays in a row.