CVE-2007-3898

Name of the Vulnerable Software and Affected Versions: Microsoft Windows 2000 Server version SP4 Microsoft Windows Server 2003 versions SP1 through SP2

Description: The issue concerns the DNS server in the affected Microsoft Windows versions, which uses predictable transaction IDs when querying other DNS servers. This predictability allows remote attackers to spoof DNS replies and poison the DNS cache, potentially facilitating further attack vectors.

Recommendations: For Microsoft Windows 2000 Server SP4, update to a newer service pack or version to mitigate the risk. For Microsoft Windows Server 2003 SP1, consider applying a patch or updating to SP3 or a later version. For Microsoft Windows Server 2003 SP2, consider applying a patch or updating to a later version.