Internet Security Systems' X-Force has discovered three separate vulnerabilities in the code of the The Microsoft DNS client and this stems from an internal library files supplied with Windows that is used to resolve domain names to IP addresses.
"The Microsoft DNS client flaws discovered by X-Force are of particular concern because the vulnerable DNS client is installed on all current Windows platforms," said Alain Sergile, technical product manager of X-Force, the research division of Internet Security Systems. “Through these vulnerabilities, an attacker can answer a DNS query with a malicious response, triggering a heap corruption and gaining complete, unauthorised control of an affected machine.”
The unique capability of X-Force in all ISS products and services can preemptively protect customers from the world’s most dangerous security events before impact. X-Force has consistently rivalled independent researchers and other security vendors with its cutting-edge vulnerability discoveries, since its inception in 1997.
Comment Preview