Microsoft Patch Disclosure - August 2006
Microsoft Security Bulletin MS06-041
Vulnerabilities in DNS Resolution Could Allow Remote Code Execution (920683)
Published: August 8, 2006
Microsoft Severity Rating: Critical
This patch addresses two separate issues in Microsoft's implementation of DNS. CVE-2006-3440 is a remote code execution vulnerability in Winsock that can be exploited when a user is tricked into opening a file or visiting a maliciously crafted website.
The second issue, CVE-2006-3441, is a DNS Client Buffer Overrun Vulnerability that allows for remote code to be executed.
Both of these issues are serious, but there are some mitigation steps that can be taken by those who are not able to install the patch immediately. For CVE-2006-3440, Microsoft suggests editing your registry to remove the attack vectors; for CVE-2006-3441, you can block specific DNS record types at your gateway. While these are useful short-term mitigations, they do not fix the actual vulnerability, so it is recommended that this patch be installed.
Winsock Hostname Vulnerability - CVE-2006-3440:
Mitigating Factors for Winsock Hostname Vulnerability
The vulnerability could be exploited by an attacker who persuaded a user to open a specially crafted file or view a specially crafted website. There is no way for an attacker to force a user to open a specially crafted file, except potentially through previewing an e-mail message.
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack
Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition