Location: List Archives

List Archives

This forum is an archive of all posts to our mailing list over the past few years.  The forum is set read only therefore to contribute you will need to join our list community.  See more info about this here.

 

When subscribed to the list you should use your standard email client to send your posts to ActiveDir@mail.activedir.org.

List Archives

Forums >ActiveDir Mail List Archive >List Archives
Subject: Re: [ActiveDir] Microsoft Security Advisory (971888): Update for DNS Devolution:
Prev Next
You are not authorized to post a reply.

AuthorMessages
sbradcpaUser is Offline

Posts:496

06/09/2009 7:16 PM  
*How is this update offered?*
These updates are available on the Microsoft Download Center
<http://go.microsoft.com/fwlink/?LinkId=21129>. Direct links to the
updates for specific affected software are listed in the Affected
Software table in the *Overview* section. For more information about the
update and the changes to behavior, see Microsoft Knowledge Base Article
957579 <http://support.microsoft.com/kb/957579>.

Susan Bradley wrote:
> Microsoft Security Advisory (971888): Update for DNS Devolution:
> http://www.microsoft.com/technet/security/advisory/971888.mspx
>
> Microsoft is announcing the availability of an update to DNS
> devolution that can help customers in keeping their systems protected.
> Customers whose domain name has three or more labels, such as
> "contoso.co.us", or who do not have a DNS suffix list configured, or
> for whom the following mitigating factors do not apply may
> inadvertently be allowing client systems to treat systems outside of
> the organizational boundary as though they were internal to the
> organization's boundary.
>
> Mitigating Factors:
>
> •
>
> Customers who are joined to a domain and have a DNS suffix search list
> configured on their system are not at risk of inadvertently treating
> external systems as though they were internal. Microsoft encourages
> all enterprise customers to set DNS suffix search lists on client
> systems in order to ensure all DNS queries stay within organizational
> boundaries.
>
> •
>
> In most cases, home users who are not members of a domain do not use
> DNS devolution and therefore are not exposed to this risk. Home users
> who are not members of a domain but have configured a primary DNS
> suffix, however, do use DNS devolution and are at risk of
> inadvertently treating external systems as though they were internal.
>
> •
>
> Customers whose DNS domain name consists of two labels are not exposed
> to this risk. An example of a customer who is not affected is
> contoso.com or fabrikam.gov, where "contoso" and "fabrikam" are
> customer registered domain names under their respective ".com" and
> ".gov" top-level domains (TLDs).
>
>
>
You are not authorized to post a reply.
Forums >ActiveDir Mail List Archive >List Archives > Re: [ActiveDir] Microsoft Security Advisory (971888): Update for DNS Devolution:



ActiveForums 3.7
Friends

Friends

VisualClickButoton
Members

Members

MembershipMembership:
Latest New UserLatest:Dallas
New TodayNew Today:1
New YesterdayNew Yesterday:2
User CountOverall:4871
People OnlinePeople Online:
VisitorsVisitors:52
MembersMembers:0
TotalTotal:52
Online NowOnline Now:

Ads

Copyright 2009 ActiveDir.org
Terms Of Use