|
|
|
View Notes By
|
|
|
|
Other Documents
|
|
|
|
|
Microsoft Corporation Information for VU#109475
| Date Notified: | 2001-07-23 |
| Date Updated: | |
| Statement Date: | |
| Status Summary: | Vulnerable |
Vendor StatementLike [CERT] noted, this issue is addressed by a configuration change in
the registry, as noted at:
http://support.microsoft.com/support/kb/articles/Q241/3/52.ASP
That configuration change addresses the issue that this [note] is
reporting.
Currently, this is configuration setting is set to disabled by
default, based on the performance penalties this introduces.
However, we are making performance improvements and we are planning
to change this default so that this is enabled by default starting
with Service Pack 3 and with Windows .Net Server.
We believe that this is a configuration issue rather than a
vulnerability. The means to change this behavior is publicly
documented and has been available via the KB article. Because there
is a performance penalty with this change currently, customers have
to make an informed risk assessment of the benefits of enabling this
feature and the drawbacks. We're working to improve the performance
to a point where we feel comfortable making this enabled by default.
However, this change is a change in configuration settings and not a
change in the product itself.Vendor InformationThe vendor has not provided us with any further information regarding this vulnerability.
AddendumPlease see additional information at:
http://www.microsoft.com/WINDOWS2000/en/server/help/sag_DNS_pro_SecureCachePollutedNames.htm
http://msdn.microsoft.com/library/en-us/regentry/46753.asp
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
 |
