Update for DNS Devolution

Microsoft Security Advisory (971888)

Update for DNS Devolution

Published: June 09, 2009
Version: 1.0
Microsoft is announcing the availability of an update to DNS devolution that can help customers in keeping their systems protected. Customers whose domain name has three or more labels, such as "contoso.co.us", or who do not have a DNS suffix list configured, or for whom the following mitigating factors do not apply may inadvertently be allowing client systems to treat systems outside of the organizational boundary as though they were internal to the organization's boundary.
Mitigating Factors:
Customers who are joined to a domain and have a DNS suffix search list configured on their system are not at risk of inadvertently treating external systems as though they were internal. Microsoft encourages all enterprise customers to set DNS suffix search lists on client systems in order to ensure all DNS queries stay within organizational boundaries.
In most cases, home users who are not members of a domain do not use DNS devolution and therefore are not exposed to this risk. Home users who are not members of a domain but have configured a primary DNS suffix, however, do use DNS devolution and are at risk of inadvertently treating external systems as though they were internal.
Customers whose DNS domain name consists of two labels are not exposed to this risk. An example of a customer who is not affected is contoso.com or fabrikam.gov, where "contoso" and "fabrikam" are customer registered domain names under their respective ".com" and ".gov" top-level domains (TLDs).

Comments

Popular posts from this blog

How To Add Print Button to Blogger Posts

INSTALL CISCO VPN CLIENT ON WINDOWS 10 (32 & 64 BIT). FIX REASON 442