Hackers exploiting unpatched Windows DNS bug

Just a few days after Microsoft issued its customary round of Patch Tuesday fixes, the company has revealed that hackers are now exploiting a yet-unpatched DNS vulnerability. "An anonymous attacker could try to exploit the vulnerability by sending a specially crafted RPC packet to an affected system," Microsoft said in a security advisory. Some security experts are deeming the bug "critical," though it is only being used in limited attacks for the time being. "Customers are advised to…apply the appropriate work-arounds as soon as possible, in the event that the attacks become more widespread," Symantec said in an alert to its security subscribers. The effected versions of Windows are as follows: Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2.

For more on the exploit:
- see this ZDnet article
- and this security advisory from Microsoft