Right at the heel of Microsoft releasing its slew of patches, another vulnerability has been released. Microsoft didn't delay getting into action, releasing an advisoryfor it almost immediately. This time, the vulnerability lies within theDomain Name System (DNS) Server Service affecting the server line ofMicrosoft's operating systems. The vulnerability allows the attacker torun code remotely in the security context of DNS Server Service, whichby default is SYSTEM.
Symantec Security Response have analyzed a sample of the proof-of-concept code and have released Bloodhound.Exploit.136signatures to detect threats that utilize this vulnerability. Thisdetection is available starting with Rapid Release virus definitionsversion 04/13/2007 rev.53.
At this point, we have not seen this vulnerability being activelyexploited, but have received reports of exploitation via other organizations.Since Microsoft has not yet released a fix for this issue, we urgecustomers to update their security products. We also ask administratorsof networks and DNS servers to apply the mitigation solutions providedby Microsoft in its advisory.