Hello I am running Windows Server 2008 R2 - last update = 2-9-2011 (yes I know I should apply SP1 and will at next Prod Maintenence Window) 2 peer-to-peer GCs (running AD/DNS) - I get one vulnerability on the DNS The recommended solution points to an open source code - which I never loaded anything except added the server roles AD and DNS 2 Questions: 1 - Does microsoft have a link to a position on this? (please provide) 2 - If SP1 does fix this - (And I have no research results saying it does) is there a link I can read that states it prior to the update effort? - which also will allow me to give feedback to the McAfee scanner person. Thank you, Here is the actual output from the McAfee report -------------------------------------------------------------------------------------- Description: An query spoofing vulnerability is present in some versions of PowerDNS. Recommendation: The vendor has released an advisory describing a workaround and a fix that can be applied to mitigate this issue. More information can be found at: http://doc.powerdns.com/powerdns-advisory-2008-02.html Observation: PowerDNS is a Domain Name System (DNS) server. An query spoofing vulnerability is present in some versions of PowerDNS. A flaw is present in the server, which drops certain malformed DNS queries. Successful exploitation could allow an attacker to spoof data. Common Vulnerabilities & Exposures (CVE) Link: CVE-2008-3337 IAVA Reference Number

Hello, The recommended solution points to an open source code - which I never loaded anything except added the server roles AD and DNS 2 Questions: 1 - Does microsoft have a link to a position on this? (please provide) Who pointed you to an open source solution. If you have a problem with this source then you have to contact their developers. This is not a Microsoft product so there is no hotfix that is released by Microsoft. Please contact the solution developer for Technical assistance. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified IT Professional: Enterprise Administrator

The McAfee pointed to the open source fix. I have NOT loaded anything - as I said - other than installing AD and DNS Server 2008R2 roles. The PowerDNS Vulnerabilty as recognized by the McAfee scan could be wrong. I do not know. So there is no Microsoft position on this?

Mr X says "This is not a Microsoft product so there is no hotfix that is released by Microsoft. Please contact the solution developer for Technical assistance." rs120P says "Just to be clear - this is the server2008R2 Microsoft DNS product - and I am trying to contact the provider" Thank you

So, in your case I would qualidy that as a false alert. Contact McAfee Technical Support for more information. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified IT Professional: Enterprise Administrator