Vulnerabilities in DNS and WINS Server Could Allow Spoofing (962238)

Summary
This host is missing a critical security update according to Microsoft Bulletin MS09-008.
Impact
Successful exploitation could allow attacker to execute specially crafted DNS queries to poison the DNS cache and can redirect traffic by registering WPAD or ISATP in the WINS database pointing to any desired IP address. Impact Level: System
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms09-008.mspx
Insight
- Error in the Windows DNS server may cause it to not properly reuse cached responses. - Error in the Windows DNS server may cause it to not properly cache responses to specifially crafted DNS queries. - Failure in access validation to restrict access when defining WPAD and ISATAP entries.
Affected
Microsoft Windows 2K Server Service Pack 4 and prior. Microsoft Windows 2003 Server Service Pack 2 and prior. Microsoft Windows Server 2008 Service Pack 1 and prior.
References