CVE-2008-0087
First published: Tue Apr 08 2008(Updated: )
The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows 2000 | =sp4 | |
| Microsoft Windows Vista | ||
| Microsoft Windows 2003 Server | =sp1 | |
| Microsoft Windows 2003 Server | =sp2 | |
| Microsoft Windows 2003 Server | =sp1 | |
| Microsoft Windows 2003 Server | =sp2 | |
| Microsoft Windows Vista | ||
| Microsoft Windows NT | =xp-sp2 | |
| Microsoft Windows 2000 | =sp4 | |
| Microsoft Windows Server | =sp1 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows XP | ||
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows XP | =sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/28553
- http://www.securitytracker.com/id?1019802
- http://secunia.com/advisories/29696
- http://www.us-cert.gov/cas/techalerts/TA08-099A.html
- http://www.trusteer.com/docs/windowsresolver.html
- http://www.vupen.com/english/advisories/2008/1144/references
- http://marc.info/?l=bugtraq&m=120845064910729&w=2
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5314
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-020
- http://www.securityfocus.com/archive/1/490575/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2008-0087?
CVE-2008-0087 is classified as a high-severity vulnerability due to its potential for DNS spoofing attacks.
How do I fix CVE-2008-0087?
To mitigate CVE-2008-0087, you should apply the latest security updates and patches provided by Microsoft for affected Windows versions.
Which systems are affected by CVE-2008-0087?
CVE-2008-0087 affects Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista.
What kind of attacks can exploit CVE-2008-0087?
CVE-2008-0087 allows remote attackers to perform DNS spoofing, which can redirect users to malicious sites.
Is there a workaround for CVE-2008-0087?
As a temporary workaround for CVE-2008-0087, consider using alternative DNS services to mitigate potential exploitation.
- agent/references
- agent/type
- agent/remedy
- agent/weakness
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/microsoft
- canonical/microsoft windows 2000
- version/microsoft windows 2000/sp4
- canonical/microsoft windows vista
- canonical/microsoft windows 2003 server
- version/microsoft windows 2003 server/sp1
- version/microsoft windows 2003 server/sp2
- canonical/microsoft windows nt
- version/microsoft windows nt/xp-sp2
- canonical/microsoft windows server
- version/microsoft windows server/sp1
- version/microsoft windows server/sp2
- canonical/microsoft windows xp
- version/microsoft windows xp/sp2