New KB article to help deploy DNS remote RPC block workaround throughout enterprise

Hi everyone.  Jonathan from the SWI team here.  Christopher asked me to write a guest blog entry introducing and providing some background on a new KB article that we published a few minutes ago.

We have seen lots of activity in the security community about the registry key workaround we published in Security Advisory 935964.  As a reminder, the DNS service listens on RPC over TCP, RPC over named pipes, and LPC.  The workaround changes this behavior to listen on LPC only to block any possibility of remote attacks.  We know that this has an impact on remote administration requiring a terminal services or console logon to use any admin tools.  I assure you that we’re working as fast as we can to get a well tested, comprehensive security update out to you all, which addresses the issue.  In the meantime, the workaround is good protection against the attacks we’ve seen so far.

As I was saying, there’s a lot of chatter in the security community around this issue.  One of our friends, Jesper Johansson, had a great idea and posted a script to his blog that helps deploy the workaround to all domain controllers in an enterprise.  Our PSS team took his idea, added some error handling to it, and built it into a KB, which we hope will be useful to you, in protecting against this vulnerability and limiting your attack surface in general on those servers that do not require remote DNS service management.

You can find the KB at

We continue to monitor the situation and will update you with new information on this situation via the blog.



* This posting is provided “AS IS” with no warranties, and confers no rights. *