CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
MS08-037 | Vulnerabilities in DNS Could Allow Spoofing (953230) | Microsoft Windows | Critical | 09-07-2008 |
Technical Information
Brief overview of the risk:
This security update resolves two privately reported vulnerabilities in the Windows Domain Name System (DNS) that could allow spoofing. These vulnerabilities exist in both the DNS client and DNS server and could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker
Detailed Information on the risk:
A spoofing vulnerability exists in Windows DNS client and Windows DNS server. This vulnerability could allow a remote unauthenticated attacker to quickly and reliably spoof responses and insert records into the DNS server or client cache, thereby redirecting Internet traffic.Further information on this exploit is available at : MS08-037
Affected Software
Microsoft Windows 2000 Service Pack 4Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Service Pack 3
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for x64-based Systems