Rinbot.BC Worm Exploits Un-Patched Microsoft DNS Vulnerability

I heard about this vulnerability recently, and according to search security, there is now a worm, Rinbot.BC, using the exploit. I haven't heard any reports yet on how widespread the worm is, but it is probably a good idea to use the workaround mentioned in Microsoft Security Bulletin 935964.

The vulnerability was announced last week, and there is talk that Microsoft is going to issue a out of cycle patch to fix the issue. Windows Server 2000 SP4, and Windows Server 2003 SP1 and SP2 are effected. Of course clients don't run a DNS server, so Vista, XP and 2000 are not affected.

The security bulletin lists several ways to work around the vulnerability, I thought the easiest way was to use the method that uses the registry to disable remote management of the DNS server through RPC. Terminal services (including remote desktop), and the local machine will still be able to manage DNS settings.