Microsoft Windows Knowledge Base Article 945553 update not installed (WinMs08kb945553Update)

Vuln ID: 41481
Risk Level: Low risk vulnerability  Low WinMs08kb945553Update
Platforms: Microsoft Windows 2003 Server: SP2, Microsoft Windows 2003 Server: SP2 Itanium, Microsoft Windows Vista, Microsoft Windows XP: SP2 x64-Professional, Microsoft Windows Vista: x64, Microsoft Windows 2003 Server: SP2 x64, Microsoft Windows 2003 Server: SP1, Microsoft Windows 2003 Server: SP1 Itanium, Microsoft Windows XP: x64-Professional, Microsoft Windows XP: SP2, Microsoft Windows 2000: SP4, Microsoft Windows 2003 Server: x64
Description:

Microsoft Windows Knowledge Base Article 945553 update is not installed on the system, which could allow an attacker to exploit the following vulnerability:

The Microsoft Windows DNS client service could allow a remote attacker to spoof DNS responses. The Windows DNS client service fails to provide an adequate amount of entropy in randomization of transaction IDs when querying an upstream DNS server. An attacker could exploit this vulnerability to obtain sensitive information and redirect Internet traffic to any server of the attacker's choosing.
Remedy:

Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS08-020. See References.
False Positives:
False Negatives:
Required Permission: Windows login
Additional Information:

References:

Microsoft Security Bulletin MS08-020
Vulnerability in DNS Client Could Allow Spoofing (945553)
http://www.microsoft.com/technet/security/Bulletin/MS08-020.mspx

IBM Internet Security Systems X-Force Database
Microsoft Windows DNS client spoofing
http://xforce.iss.net/xforce/xfdb/41480

ISS X-Force
Microsoft Windows Knowledge Base Article 945553 update not installed
http://www.iss.net/security_center/static/41481.php

CVE CVE-2008-0087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0087
X-Force Logo
Know Your Risks		 Mitre.org CVE Logo
Common Vulnerabilties & Exposures