Microsoft Windows Domain Name Server Service Vulnerability Plugin
Today, Tenable's research group released a remote Nessus plugin check (ID #25035) for a new vulnerability in Microsoft DNS servers. Microsoft has released a security advisory with details of the vulnerability and Tenable has confirmed the issue with an exploit in our lab.
To exploit this flaw, an attacker needs to connect to the DNS server RPC interface and send a malformed RPC query. Until a patch is available, all Microsoft RPC queries to effected DNS servers should be prevented from potential attackers.
This plugin is currently available to Nessus Direct Feed subscribers. Direct Feed subscriptions include access to the latest vulnerability checks, the ability to have Nessus perform agent-less configuration and content audits and technical support.
Security researchers interested in this type of Windows RPC security vulnerability should also find Tenable's mIDA plugin for IDA Pro also useful.