Microsoft Windows DNS Devolution Third-Level Domain Name Resolving Weakness (971888)

Summary
This host has Microsoft DNS Devolution and is prone to Third-Level Domain Name Resolving Weakness.
Impact
Successful attacks may result in disclosure of the private IP address and authentication credentials, modification of client proxy settings, phishing, redirection to other malicious sites, enticing vulnerable users to download malware. Impact Level: System/Application
Solution
Apply the Security update from below link, http://www.microsoft.com/technet/security/advisory/971888.mspx
Insight
The flaw is due to design error in the DNS devolution process which can be exploited by setting up a malicious site and carry out attacks against victims who are inadvertently directed to the malicious site.
Affected
Microsoft Windows 2k Service Pack 4 and prior Microsoft Windows XP Service Pack 3 and prior Microsoft Windows 2k3 Service Pack 2 and prior
References