Channel Register

Comments on: Attacks exploit Windows DNS server flaw

Go back to best practice 

Posted Saturday 14th April 2007 00:32 GMT

Once upon a time there were rules.

One - there was code and there was data.

A process shall not write code nor execute data!

The operating system enforced the rule. A buffer overflow would cause the offending process to be aborted: annoying, but intrusive code could not be executed.

Two - no application process shall run as God!
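The first of the two rules above, "a process shall not write code nor execute data", is what a W^X (write XOR execute) memory policy enforces. As an added example, not part of DavidN's comment or of the original thread, the C program below shows both halves of it on a POSIX system: a page is filled with machine code while it is mapped read+write, calling it in that state is refused by the NX bit and the process would abort (here a SIGSEGV/SIGBUS handler catches the fault so the result can be reported), and only after the write bit is dropped with mprotect does the stub run. It assumes Linux or macOS on x86-64 or AArch64 with an NX-capable CPU; the stub bytes and the page-handling helpers are this example's own, not anything from the Windows DNS server discussed in the article.

```c
/* Added example (not from the original thread): the "code is not data"
 * rule, demonstrated as W^X.  The page is never writable and executable
 * at the same time.  Assumes Linux/macOS on x86-64 or AArch64. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Machine code for a function that returns 42, per architecture. */
#if defined(__x86_64__)
static const uint8_t stub[] = { 0xB8, 0x2A, 0x00, 0x00, 0x00,  /* mov eax, 42 */
                                0xC3 };                        /* ret         */
#elif defined(__aarch64__)
static const uint8_t stub[] = { 0x40, 0x05, 0x80, 0x52,        /* mov w0, #42 */
                                0xC0, 0x03, 0x5F, 0xD6 };      /* ret         */
#else
#error "example supports x86-64 and AArch64 only"
#endif

typedef int (*stub_fn)(void);

static sigjmp_buf fault_env;

/* Fault handler: unwind out of the attempt to execute a data page. */
static void on_fault(int sig) {
    (void)sig;
    siglongjmp(fault_env, 1);
}

/* Map one page read+write (NOT executable) and copy the stub into it. */
static void *write_code(size_t *len_out) {
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *page = mmap(NULL, len, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return NULL;
    memcpy(page, stub, sizeof stub);
    *len_out = len;
    return page;
}

/* Rule one, enforced: try to run the page while it is still writable.
 * Returns 1 if the OS/CPU refused (the process would have been aborted),
 * 0 if the data actually executed, -1 on setup failure. */
int executing_writable_page_faults(void) {
    size_t len;
    void *page = write_code(&len);
    if (!page) return -1;

    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    int blocked;
    if (sigsetjmp(fault_env, 1) == 0) {
        ((stub_fn)(uintptr_t)page)();   /* executing data: expect a fault */
        blocked = 0;
    } else {
        blocked = 1;                    /* NX stopped it */
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    munmap(page, len);
    return blocked;
}

/* The legitimate path: write, drop the write bit, then execute.
 * Returns the stub's result (42), or -1 if the flip was refused. */
int run_after_wx_flip(void) {
    size_t len;
    void *page = write_code(&len);
    if (!page) return -1;
    if (mprotect(page, len, PROT_READ | PROT_EXEC) != 0) {
        munmap(page, len);
        return -1;
    }
    /* Keep the instruction cache coherent with the bytes just written. */
    __builtin___clear_cache((char *)page, (char *)page + sizeof stub);
    int r = ((stub_fn)(uintptr_t)page)();
    munmap(page, len);
    return r;
}

int main(void) {
    printf("execute while writable: %s\n",
           executing_writable_page_faults() == 1 ? "blocked" : "ran");
    printf("execute after flip to RX: %d\n", run_after_wx_flip());
    return 0;
}
```

The second function is the pattern a JIT or loader is supposed to follow; a buffer-overflow payload sitting in a stack or heap buffer never gets that mprotect step, which is why the first function's fault is the outcome the comment describes.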

WeeWease the Pwiznahs! 

Posted Saturday 14th April 2007 03:19 GMT

I just came home from the local electronics store and, to be quite honest, had the most terrible time with the demo units and their pre-installed copies of Vista. Now I'm no idiot, having been in IT for over twenty years, but ye gods! What in the name of heaven did MS do to this release?! It's so slow and frankly more confusing than I cared to admit. After playing around, and that's what I do with every OS and their releases, I can honestly say there isn't much reason to move to this. The only sales this will likely get are the usual OEM copies that are regrettably forced on the ignorant purchaser.

'Kick me' 

Posted Saturday 14th April 2007 07:52 GMT

Without wishing to minimise Microsoft's responsibility for this issue, I'd be horrified if any of my customers had servers with RPC ports exposed on the Internet. Any such configuration is just cruisin for a bruisin, IMHO.

If you need to allow remote management of your systems via the Internet, at least restrict access to an 'allow' list of addresses or (more flexibly) use a method that supports strong authentication, such as a VPN.

What Rules......? 

Posted Saturday 14th April 2007 08:18 GMT

"Once upon a time there were rules.

One - there was code and there was data.

A process shall not write code nor execute data!

The operating system enforced the rule. A buffer overflow would cause the offending process to be aborted - annoying but intrusive code could not be executed.

Two - no application process shall run as God!" ....... DavidN

Ergo Three Resolving One and Two ..... no application of shall not write code nor execute data shall run as God.

A Process executes Coded Data...Binary Signals ......Quantum Communication........ as a God is not Impossible but is IT Enough whenever there are So Many Goddesses. Virgin Nymphs in a State of Glorious Grace. Mary's Love ReBorn in ITs Worship.

Read the fine print and hit the "un-panic" button 

Posted Saturday 14th April 2007 13:37 GMT

"The name resolution functionality of the DNS service exposed over port 53 is not vulnerable to this attack."

This means that while the RPC input can be exploited, any server sitting behind a firewall is safe, as the firewall blocks RPC requests from the outside. You're JUST running a server? Don't panic and wait for a tested fix.

How you really want to take advantage of this vulnerability is to infect a workstation on the same side of the firewall as the DNS server. And, well, we can stop those before the fact. I did this for four years with a 0% infection track record.