According to several sources, there are now worms out there that exploit the recent vulnerability found from the Windows DNS server. What’s worse, this security threat isn’t restricted to public Windows-based DNS servers, as also internal Windows DNS servers (in intranets) are vulnerable due to the DNS / RPC attack vector. At the time of writing, Microsoft is yet to release a patch so please make sure that you protect your Windows DNS servers as per the advisories issued on this topic.

For more info on attack codes and worms exploiting this vulnerability, please visit the following links:

• “DNS Vulnerability being Exploited in the Wild” by Symantec
• “RPC DNS Worm Spotted in The Wild” by McAfee

Please make sure your own DNS servers are protected, as this vulnerability may also be used for DDoS attacks whose impact will not be restricted to your organization.