The KB 935964 DNS Server Vulnerability and SBS
Published Apr 04 2019 01:23 PM
Microsoft
First published on TechNet on Apr 16, 2007
[Today's post comes to us courtesy of Mark Stanfill]

If you're running SBS, you should be aware of a new vulnerability and how to mitigate it.  First, the references:

Main KB article:

http://support.microsoft.com/default.aspx/kb/935964

Microsoft Security Advisory:

http://www.microsoft.com/technet/security/advisory/935964.mspx

Others have covered this (here and here), but I wanted to weigh in as well.  The security advisory walks you through the steps (set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters\RpcProtocol to 4 and restart the DNS Server service) in detail. All SBS customers should implement this change as soon as possible. All SBS servers run DNS by default.
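The registry change and service restart described above can be audited and applied in one pass. The following is an added example, not taken from the KB article or the advisory; it assumes an elevated PowerShell session on the SBS server itself, and the function name Set-DnsRpcMitigation is invented for illustration.

```powershell
# Added example: check and apply the RpcProtocol mitigation on the local DNS server.
# Assumptions: elevated session on the server; function name is hypothetical.
function Set-DnsRpcMitigation {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [int]$DesiredValue = 4   # value given in the security advisory
    )

    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
    $name = 'RpcProtocol'

    if (-not (Test-Path -Path $key)) {
        throw "Registry key $key not found; is the DNS Server service installed?"
    }

    # The value may not exist yet on an unmodified server, so read it defensively.
    $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

    if ($current -eq $DesiredValue) {
        Write-Output "$name is already $DesiredValue; no change made."
        return
    }

    $shown = if ($null -eq $current) { '<not set>' } else { $current }
    Write-Output "$name is currently $shown."

    if ($PSCmdlet.ShouldProcess("$key\$name", "Set DWORD to $DesiredValue and restart DNS")) {
        # -Force creates the value if missing or overwrites it, always as a DWORD.
        New-ItemProperty -Path $key -Name $name -PropertyType DWord `
            -Value $DesiredValue -Force | Out-Null

        # The setting only takes effect after the DNS Server service restarts.
        Restart-Service -Name DNS -Force

        # Read back the value and the service state to confirm the change.
        $after = (Get-ItemProperty -Path $key -Name $name).$name
        $state = (Get-Service -Name DNS).Status
        Write-Output "$name is now $after; DNS service status: $state."
    }
}

# Dry run: reports the current value and what would change without touching anything.
Set-DnsRpcMitigation -WhatIf
```

Run it without `-WhatIf` to make the change; running it a second time should report that no change was made.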

The advisory also advises that you block "TCP and UDP port 445 as well as all unsolicited inbound traffic on ports greater than 1024".  The key word here is unsolicited.  Obviously, you don't want to block port 3389 for RDP or 4125 for RWW, etc. if you are publishing those services.
