Microsoft will fix DNS vulnerability on Patch Tuesday

A fix for the DNS vulnerability in Windows 2000 Server and Windows Server 2003 will be included as one of the seven updates scheduled for release from Microsoft on Tuesday.

Microsoft recognized the DNS vulerability about three weeks ago, but had been hesitant about committing to a date for the fix, because it said it needed to test that its patch worked.

This fix had not been specifically mentioned in an earlier list of updates, and only came to light after Micorosft Security Response Centre program manager Christopher Budd confirm the update in a blog post.

“The listing of updates slated for Tuesday does include the (DNS vulnerability) update we’ve been working on,” wrote Budd.

Budd advised server administrators that they would need to uninstall any temporary fixes that they had applied.

Other updates scheduled for Patch Tuesday include another fix for Microsoft Windows (in addition to the DNS vulnerability fix), three updates for Microsoft Office, one update for Microsoft Exchange, and an update for Microsoft CAPICOM and BizTalk.

Microsoft will also release update to the Microsoft Windows Malicious Software Removal Tool

• 

• Microsoft epiphany: Patch Tuesday advance notification needs more detail
• Microsoft no-security-patch statement gives cybercrooks more time
• Microsoft monitoring new Vista vulnerability
• Beware: Zero-day follows Patch Tuesday
• Microsoft drags feet on ANI security fix, may delay release