Security Advisory

Microsoft Security Advisory 935964

Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution

Published: April 12, 2007 | Updated: May 08, 2007

Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS07-029 to address this issue. For more information about this issue, including download links for an available security update, please review MS07-029. The vulnerability addressed is the DNS RPC Management Vulnerability - CVE-2007-1748.



The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.


  • April 12, 2007: Advisory published.
  • April 13, 2007: Advisory updated to include additional details about Windows Small Business Server. Mitigations also updated to include additional information regarding the affected network port range and firewall configuration. Additional details also provided for registry key mitigation values.
  • April 15, 2007: Advisory “Suggested Actions” section updated to include additional information regarding TCP and UDP port 445 and the 15 character computer name known issue.
  • April 16, 2007: Advisory updated: Ongoing monitoring indicates that we are seeing a new attack that is attempting to exploit this vulnerability.
  • April 19, 2007: Advisory updated: To provide information on Windows Live OneCare malware detection capability and to clarify that the registry key workaround provides protection to all attempts to exploit this vulnerability. Advisory also updated to provide additional data regarding exploitability through port 139.
  • May 8, 2007: Advisory updated to reflect publication of security bulletin.

Built at 2014-04-18T13:49:36Z-07:00