A remote code execution vulnerability exists within Microsoft’s DNS Server service. Utilizing RPC functionality designed for remote management, an attacker is able to anonymously cause a stack-based buffer overflow. Code executed through this overflow runs in the context of SYSTEM, allowing for full system compromise.
eEye Research is currently investigating the vulnerability and active exploitation and will update this ZDT entry as more information becomes available.
BeyondTrust Prevention and Detection:
BeyondTrust's Blink® Personal Edition protects from this vulnerability.
BeyondTrust's Blink® Professional Edition protects from this vulnerability.
BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.
Since a vendor-supplied patch has been released, the best form of mitigation is to apply MS07-029.
Links:
Microsoft Security Advisory (935964)
ISC Handler's Diary
Public PoC Code Disclosure (Reverse Shell)