Location: List Archives

List Archives

This forum is an archive of all posts to our mailing list over the past few years.  The forum is set read only therefore to contribute you will need to join our list community.  See more info about this here.

 

When subscribed to the list you should use your standard email client to send your posts to ActiveDir@mail.activedir.org.

List Archives

Forums >ActiveDir Mail List Archive >List Archives
Subject: [ActiveDir] Microsoft Security Advisory (971888): Update for DNS Devolution:
Prev Next
You are not authorized to post a reply.

AuthorMessages
sbradcpaUser is Offline

Posts:496

06/09/2009 7:07 PM  
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
</head>
<body bgcolor="#ffffff" text="#000000">
Microsoft Security Advisory (971888): Update for DNS Devolution:

<a class="moz-txt-link-freetext" href="http://www.microsoft.com/technet/security/advisory/971888.mspx">http://www.microsoft.com/technet/security/advisory/971888.mspx</a>



<p>Microsoft is announcing the availability of an update to DNS
devolution that can help customers in keeping their systems protected.
Customers whose domain name has three or more labels, such as
"contoso.co.us", or who do not have a DNS suffix list configured, or
for whom the following mitigating factors do not apply may
inadvertently be allowing client systems to treat systems outside of
the organizational boundary as though they were internal to the
organization's boundary.</p>
<p>Mitigating Factors:</p>
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td class="listBullet" valign="top">•</td>
<td class="listItem">
<p>Customers who are joined to a domain and have a DNS suffix
search list configured on their system are not at risk of inadvertently
treating external systems as though they were internal. Microsoft
encourages all enterprise customers to set DNS suffix search lists on
client systems in order to ensure all DNS queries stay within
organizational boundaries.</p>
</td>
</tr>
<tr>
<td class="listBullet" valign="top">•</td>
<td class="listItem">
<p>In most cases, home users who are not members of a domain do
not use DNS devolution and therefore are not exposed to this risk. Home
users who are not members of a domain but have configured a primary DNS
suffix, however, do use DNS devolution and are at risk of inadvertently
treating external systems as though they were internal.</p>
</td>
</tr>
<tr>
<td class="listBullet" valign="top">•</td>
<td class="listItem">
<p>Customers whose DNS domain name consists of two labels are not
exposed to this risk. An example of a customer who is not affected is
contoso.com or fabrikam.gov, where "contoso" and "fabrikam" are
customer registered domain names under their respective ".com" and
".gov" top-level domains (TLDs).</p>
</td>
</tr>
</tbody>
</table>




</body>
</html>

You are not authorized to post a reply.
Forums >ActiveDir Mail List Archive >List Archives > [ActiveDir] Microsoft Security Advisory (971888): Update for DNS Devolution:



ActiveForums 3.7
Friends

Friends

VisualClickButoton
Members

Members

MembershipMembership:
Latest New UserLatest:MrPTSai
New TodayNew Today:0
New YesterdayNew Yesterday:0
User CountOverall:5234
People OnlinePeople Online:
VisitorsVisitors:44
MembersMembers:0
TotalTotal:44
Online NowOnline Now:

Ads

Copyright 2009 ActiveDir.org
Terms Of Use