CVE-2009-0233

Name of the Vulnerable Software and Affected Versions Windows DNS Server versions in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008

Description The issue concerns the DNS Resolver Cache Service in Windows DNS Server. When dynamic updates are enabled, the service does not properly reuse cached DNS responses, making it easier for remote attackers to predict transaction IDs and poison caches. This can be achieved by simultaneously sending crafted DNS queries and responses.

Recommendations For Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, consider disabling dynamic updates until a patch is available to prevent cache poisoning attacks. Restrict access to the DNS Server to minimize the risk of exploitation. Avoid using the DNS Resolver Cache Service until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.