Most of you have probably read new (published few days ago) security advisory with number 935964 published by Microsoft. For those who haven’t read it I think it is worth to take a look as this is about security problem in DNS service, which is quite common in Microsoft directory services world.

Flaw in this service allows attacker to remotely executed code at DNS server through sending specially crafted RPC packet to server. RPC is not very wide (at leas it should not be) service in Interent, but in our AD LAN networks probably it is open and available for attacker on our DNS server. As a mitigation factor we can disable RPC management interface on DNS server as Jasper is showing it on his blog (security advisory also provides this workaround). Exploit code for this flaw was published on the Internet so it might be a good idea to apply this solution in our networks.