Microsoft has tested the following workarounds. While the workarounds will not correct the underlying vulnerability, it helps block known attack vectors. Specifically, all these workarounds have been tested and shown to block attempts to exploit the vulnerability over RPC traffic as well as port 139 and 445. When a workaround reduces functionality, it is identified in the following section.
* Disable remote management over RPC capability for DNS Servers through the registry key setting.
Note Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.
For information about how to edit the registry, view the “Changing Keys And Values” Help topic in Registry Editor (Regedit.exe) or view the “Add and Delete Information in the Registry” and “Edit Registry Data” Help topics in regedit.exe.
Note We recommend backing up the registry before you edit it.
1.
On the start menu click ‘Run’ and then type ‘Regedit’ and then press enter.
2.
Navigate to the following registry location:
“HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters”
3.
On the ‘Edit’ menu select ‘New’ and then click ‘DWORD Value’
4.
Where ‘New Value #1’ is highlighted type ‘RpcProtocol’ for the name of the value and then press enter.
5.
Double click on the newly created value and change the value’s data to ‘4’ (without the quotes).
6.
Restart the DNS service for the change to take effect.