The zero-day bug in the Domain Name System (DNS) Server Service in Windows 2000 Server SP4 and Windows Server 2003 SP1 and SP2 was confirmed by Microsoft late on Thursday.
Symantec Corp. warned Saturday that the Metasploit Project had released a public exploit for the vulnerability. "The release of this exploit greatly increases the chance of widespread exploitation of this issue before a patch is made available," warned Symantec. Although Microsoft seems to be all over this vulnerability, a patch is in the works.
If a bot Trojan horse managed to get onto a client via the patched but still attacked animated cursor bug, for example, the botnet controller could use that compromised PC to hijack the local domain controller.
Full Story
No comments:
Post a Comment