Check or Attack Name: DNS Predictable Query

An unpatched version of Windows NT DNS has been found. If the DNS query numbers are predictable, it is possible for an attacker to spoof replies to DNS queries, which could potentially redirect traffic to hostile sites.

Apply the latest Windows NT 4.0 Service Pack or the post-SP3 dns-fix patch.

To apply the latest Windows NT 4.0 Service Pack, follow these steps:

1. Open a web browser.
2. Go to http://support.microsoft.com/support/ntserver/Content/ServicePacks/ and follow the directions to download the appropriate service pack for your computer.
3. Find the installation program you downloaded to your computer.
4. Double-click the program icon to start the installation.
5. Follow the installation directions.

—OR—

Windows NT 4.0 Service Pack 3 (SP3) users must apply the post-SP3 dns-fix patch available from ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postSP3/dns-fix/.

Microsoft Knowledge Base Article Q167629, Predictable Query IDs Pose Security Risks for DNS Servers, http://support.microsoft.com/support/kb/articles/q167/6/29.asp

Microsoft Knowledge Base Article Q167629, Predictable Query IDs Pose Security Risks for DNS Servers, ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP3/dns-fix/Q167629.txt