XP Users Beware of NSlookup.exe Vulnerability

by Frank Jovine on 08/17/2008 in Computers, Software

Microsoft knew about this exploit and has yet to address the issue or create a patch. I find this totally shocking (sarcasms) that Microsoft is tip toeing through this issue. This vulnerability affects the masses who are using Windows XP SP2 and could be affecting other systems as well.

Microsoft is investigating new public reports of a zero-day Windows vulnerability that’s being exploited as we write this blog.

According to a SecurityFocus alert, the attacks are exploiting a remote code-execution vulnerability due to an unspecified error in NSlookup.exe, the command-line administrative tool used for testing and troubleshooting DNS servers.

Successfully exploiting this issue would allow the attacker to execute arbitrary code on an affected computer. Failed attacks will cause denial-of-service conditions.  Microsoft Windows XP Professional SP2 is vulnerable; other versions and products may also be affected.

According to the alert, the issue is reportedly “being actively exploited” in the wild but details on the attacks are scarce.

A video of a proof-of-concept exploit in action was released by Argentinean researcher Ivan Sanchez.

On its monthly Patch Tuesday Webcast (see transcript), Microsoft’s security response team said it was aware of the flaw report and had started an investigation.  The company has not yet issued a security advisory with workarounds.