Summary
This host is missing a critical security update according to Microsoft Bulletin MS08-020.
Impact
Successful exploitation could allow remote attackers to spoof DNS replies, allowing them to redirect network traffic and to launch man-in-the-middle attacks.
Impact Level: System
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link.
http://www.microsoft.com/technet/security/bulletin/ms08-020.mspx
Insight
The flaws are due to the Windows DNS client using predictable transaction IDs in outgoing queries and can be exploited to poison the DNS cache when the transaction ID is guessed.
Affected
Microsoft Windows 2K/XP/2003/Vista
References
Severity
Classification
-
CVE CVE-2008-0087 -
CVSS Base Score: 8.8
AV:N/AC:M/Au:N/C:N/I:C/A:C
Related Vulnerabilities
- Microsoft DirectShow Remote Code Execution Vulnerability (2929961)
- Bluetooth Stack Could Allow Remote Code Execution Vulnerability (951376)
- Microsoft .NET Common Language Runtime Remote Code Execution Vulnerability (2265906)
- Cumulative Patch for Internet Information Services (Q327696)
- Cumulative Security Update for Internet Explorer (953838)