Microsoft’s advisories giving clues to hackers
The latest zero-day flaw in the Windows DNS Server RPC interface implementation is a perfect example of the tug-o-war within the MSRC (Microsoft Security Response Center) about how much information should be included in the pre-patch advisory.
Using clues in the workarounds section of the advisory, Errata Security researcher David Maynor said he was able to pinpoint the source of the vulnerability without much trouble.
"It took about an hour from setup to shell on Windows 2000," Maynor said in an interview. "On Windows 2000, there are only five functions accessible over RPC. You combine that with their [Microsoft's] description of it being a stack overflow, it narrows the time to find down greatly."
"This is such an easy bug — most of the people I talked to already had it figured out as well," Maynor added. "It was simple to find and Microsoft screwed up by giving out too much information in the advisory."
Maynor wasn't the only hacker paying attention to Microsoft's description of the vulnerability. Over the weekend, several different exploits providing step-by-step instructions to launch attacks surfaced on well-known security research sites and in hacking tools.
damn right