Preemptive Protection against Microsoft Windows DNS Client Spoofing Vulnerability (MS08-020)
| Check Point Reference: | CPAI-2008-052 |
| Date Published: | |
| Severity: | |
| Source: | Microsoft Security Bulletin MS08-020 |
| Industry Reference(s): | CVE-2008-0087 |
| Protection Provided by: | VPN-1 |
Who is Vulnerable?
Microsoft Windows 2000 SP4
Windows XP SP2
Windows XP Professional x64 Edition
Windows XP Professional x64 Edition SP2
Windows Server 2003 SP1
Windows Server 2003 SP2
Windows Server 2003 x64 Edition
Windows Server 2003 x64 Edition SP2
Windows Server 2003 with SP1 (Itanium)
Windows Server 2003 with SP2 (Itanium)
Windows Vista
Windows Vista x64 Edition
Vulnerability Description
A DNS spoofing vulnerability has been reported in Microsoft DNS clients. DNS spoofing allows an attacker to change a DNS entry so that it points to an IP address of the attacker's choice. This vulnerability could allow an attacker to send malicious responses to DNS requests made by vulnerable clients, thereby spoofing or redirecting Internet traffic from legitimate locations.
Update/Patch Available
Apply patches: Microsoft Security Bulletin MS08-020
Vulnerability Details
The vulnerability is due to the Windows DNS Client service using predictable transaction ID values in DNS queries, which allows remote attackers to spoof DNS replies. A remote attacker who has gained information about DNS client transaction IDs can exploit this issue to send malicious responses to DNS requests. Successful exploitation could allow the attacker to redirect Internet traffic from legitimate locations to an address of the attacker's choice.
Protection Overview
By enabling this protection, SmartDefense will protect the corporate DNS server by scrambling the source port and query ID number of each DNS request, making it significantly harder to spoof replies to such requests. No update is required to address this vulnerability.
Users are protected against this vulnerability if the Protection against DNS Server Spoofing addressed in CPAI-2007-133 has been applied.
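A defender-side check for the two properties the protection scrambles, the query ID and the source port, run over captured client queries. This is an added example, not Check Point or Microsoft code; the function names, the 50% stride threshold and the sample captures are assumptions constructed for illustration, and the heuristic only detects a constant-stride ID or a fixed port, so a clean result does not prove the IDs are unpredictable.

```python
import struct
from collections import Counter

def build_query(txid, name="example.com"):
    """Constructed sample input: a minimal DNS A query carrying the given ID."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_txid(payload):
    """The transaction ID is the first 16 bits of the 12-byte DNS header."""
    if len(payload) < 12:
        raise ValueError("shorter than a DNS header")
    return struct.unpack("!H", payload[:2])[0]

def audit(samples, stride_share=0.5):
    """samples: (source_port, dns_payload) pairs from one client, in capture order."""
    if len(samples) < 2:
        raise ValueError("need at least two queries to compare")
    ports = {port for port, _ in samples}
    txids = [parse_txid(data) for _, data in samples]
    # Differences between successive IDs modulo 2**16: one dominant stride
    # means the next ID can be inferred from the last one observed.
    deltas = Counter((b - a) % 65536 for a, b in zip(txids, txids[1:]))
    stride, count = deltas.most_common(1)[0]
    dominant = stride if count / (len(txids) - 1) >= stride_share else None
    fixed_port = len(ports) == 1
    return {"dominant_stride": dominant, "fixed_source_port": fixed_port,
            "weak": dominant is not None or fixed_port}

# Constructed captures (not real traffic): a counter-like client on one port,
# and a client whose IDs and source ports both vary.
WEAK = [(1025, build_query(0x1000 + i)) for i in range(8)]
SAMPLE_IDS = [0x3A7C, 0xE102, 0x05B9, 0x9F40, 0x62D3, 0xC81E, 0x1177, 0x7BA5]
SAMPLE_PORTS = [49731, 51002, 60417, 53388, 58120, 50266, 62901, 55514]
SCRAMBLED = [(p, build_query(t)) for p, t in zip(SAMPLE_PORTS, SAMPLE_IDS)]

if __name__ == "__main__":
    print("weak     :", audit(WEAK))
    print("scrambled:", audit(SCRAMBLED))
```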
To configure the defense, select your product from the list below and follow the related protection steps.