微软计划修复此前被发现的Windows Domain Name System 服务漏洞,补丁计划在5月8日发布,但来自MSRC的员工blog消息显示,他们目前正在苦战中,因为,由于这次问题特殊,他们要连夜苦战制作133个补丁,
"我们要为每一个语种,每一个版本的Windows Server分别制作补丁" . "并且还要一个一个测试他们是否有效."

April 19, 2007 8:24 AM PDT
Microsoft preps 133 patches for Windows DNS hole
Posted by Joris Evers
Microsoft plans to have a fix for the recently disclosed Windows Domain Name System service flaw available by its May 8 patch day at the latest.

"This is a developing situation and we are constantly evaluating the situation and the status of our development and testing of updates," Christopher Budd, a Microsoft Security Response Center staffer wrote on a corporate blog Tuesday.

Microsoft is working on 133 separate updates for the problem, Budd wrote.

"One in every language for every currently supported version of Windows servers," he wrote. "Each of these has to be tested to ensure they effectively protect against the vulnerability."

The security vulnerability affects Windows 2000 Server and Windows Server 2003. Microsoft last week warned that it had already heard of a "limited attack" exploiting the flaw. Since then exploit code was publicly disclosed and a variant of the Nirbot worm that takes advantage of the hole has surfaced.

The attacks on the DNS service happen when someone sends rigged data to it. The service is meant to help map text-based Internet addresses to numeric Internet Protocol addresses. The vulnerability affects the DNS RPC interface. RPC, or Remote Procedure Call, is a protocol used by applications to send requests across a network.

Because DNS is a critical part of the networking infrastructure, Microsoft is taking special care with its patches, Budd wrote. "They also have to be tested