PT-2008-1742 · Microsoft · Windows 2000+4
Published
2008-04-08
·
Updated
2024-02-14
·
CVE-2008-0087
CVSS v2.0
8.8
High
| Vector | AV:N/AC:M/Au:N/C:N/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Microsoft Windows versions prior to the fixed version
Description
A spoofing issue exists in the Windows DNS client, allowing unauthenticated attackers to send malicious responses to DNS requests, thereby spoofing or redirecting Internet traffic from legitimate locations. The DNS client uses predictable DNS transaction IDs, which enables remote attackers to spoof DNS responses.
Recommendations
For Microsoft Windows 2000 SP4, update to a version that includes the fix for this issue.
For Microsoft Windows XP SP2, update to a version that includes the fix for this issue.
For Microsoft Windows Server 2003 SP1 and SP2, update to a version that includes the fix for this issue.
For Microsoft Windows Vista, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting DNS client usage to minimize the risk of exploitation.
Fix
Use of Insufficiently Random Values
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Windows
Windows 2000
Windows Server 2003
Windows Vista
Windows Xp