If you are not aware yet, there is a serious vulnerability in the Windows 2000/2003 DNS server service. Current solutions involve changing a registry key so the DNS service can no longer be managed over TCP.
Before you get in a panic – This flaw only affects 2000, and 2003 servers that have had the DNS service installed.
Still, Microsoft has not released a patch yet. Microsoft teams are working on developing and testing 133 separate updates. One in every language for every currently supported version of Windows servers. Each of these has to be tested to ensure they effectively protect against the vulnerability. Because DNS is a critical part of the networking infrastructure, they also have to be tested to ensure that changes introduced by the updates don’t pose a greater risk than the security issue we have already.
The latest estimates by Microsoft indicate that a patch will be released by May 8th.
