How to turn off RPC management of DNS on a large scale

In an advisory issued earlier today, Microsoft offered several workarounds/mitigations for the Windows DNS server service zero-day attacks, including a recommendation that network admins completely disable remote management of RPC capability for DNS Servers.

The recommendation included instructions on registry key edits, but if you're in charge of a large-scale Windows shop with numerous domain controllers, Microsoft gave you only the switch and no way to automate the registry changes.

To the rescue comes Jesper Johansson, a former Microsoft security strategist who maintains a must-read blog on Windows security issues. If you run a Windows server shop, this is a blog entry you want to read before taking off for the weekend.

Johansson provides a script with step-by-step instructions on turning off RPC management on a large number of domain controllers. "Hopefully this will help people mitigate this problem a bit faster than having to do manual registry changes everywhere," he explained.

It makes me wonder why Microsoft doesn't include these instructions in its own advisories.
