<< Back
CVE Number Vulnerability Product Severity Date
MS09-008 Vulnerabilities in DNS and WINS Server Could Allow Spoofing (962238) DNS server Critical 11-03-2009

Technical Information

Brief overview of the risk:
This security update resolves two privately reported vulnerabilities and two publicly disclosed vulnerabilities in Windows DNS server and Windows WINS server. These vulnerabilities could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems.
Detailed Information on the risk:
A spoofing vulnerability exists in Windows DNS server. This vulnerability could allow a remote unauthenticated attacker to quickly and reliably spoof responses and insert records into the DNS server’s cache, thereby redirecting Internet traffic. Further information on this exploit is available at : MS09-008

Affected Software

DNS server on Microsoft Windows 2000 Server Service Pack 4
DNS server on Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
DNS server on Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
DNS server on Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
DNS server on Windows Server 2008 for 32-bit Systems
DNS server on Windows Server 2008 for x64-based Systems
WINS server on Microsoft Windows 2000 Server Service Pack 4
WINS server on Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
WINS server on Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
WINS server on Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2