PT-2008-1742 · Microsoft · Windows 2000+4
Publicado
2008-04-08
·
Atualizado
2024-02-14
·
CVE-2008-0087
CVSS v2.0
8.8
Alta
| Vetor | AV:N/AC:M/Au:N/C:N/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Microsoft Windows versions prior to the fixed version
Description
A spoofing issue exists in the Windows DNS client, allowing unauthenticated attackers to send malicious responses to DNS requests, thereby spoofing or redirecting Internet traffic from legitimate locations. The DNS client uses predictable DNS transaction IDs, which enables remote attackers to spoof DNS responses.
Recommendations
For Microsoft Windows 2000 SP4, update to a version that includes the fix for this issue.
For Microsoft Windows XP SP2, update to a version that includes the fix for this issue.
For Microsoft Windows Server 2003 SP1 and SP2, update to a version that includes the fix for this issue.
For Microsoft Windows Vista, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting DNS client usage to minimize the risk of exploitation.
Correção
Use of Insufficiently Random Values
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Windows
Windows 2000
Windows Server 2003
Windows Vista
Windows Xp