How to turn off RPC management of DNS on a large scale

In an advisory issued earlier today, Microsoft published several workarounds/mitigations for the Windows DNS server service zero-day attacks, including a recommendation that network admins completely disable remote management over RPC for DNS servers.

The recommendation included instructions for the registry key edits, but if you're in charge of a large-scale Windows shop with numerous domain controllers, Microsoft gave you only the switch and no way to automate the registry changes.

To the rescue comes Jesper Johansson, a former Microsoft security strategist who maintains a must-read blog on Windows security issues. If you run a Windows server shop, this is a blog entry you want to read before taking off for the weekend.

Johansson provides a script with step-by-step instructions on turning off RPC management on a large number of domain controllers. "Hopefully this will help people mitigate this problem a bit faster than having to do manual registry changes everywhere," he explained.

It makes me wonder why Microsoft doesn't include these instructions in its own advisories.

Talkback

2 comments
  • What is up with Microsoft?

    Microsoft: There's no excuse for this.
    ye
  • This might even break local DNS management

    I'm hearing that the REG key might even break DNS management on Win2003 SP2. I'd recommend using host-based firewall filtering instead.

    http://blogs.zdnet.com/Ou/?p=469
    georgeou