Microsoft Products are not Affected by BIND Vulnerabilities

Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

We've received a number of questions asking what several recently announced security vulnerabilities affecting the BIND DNS implementation mean for Microsoft customers. The answer is that these vulnerabilities don't affect Microsoft products in any way, and customers don't need to take any action.

DNS (Domain Name System) is an industry-standard protocol that provides a means of translating between domain names (for instance, and their equivalent IP addresses (for instance, BIND (Berkeley Internet Name Domain) is an implementation of that protocol. The newly identified vulnerabilities are errors in the BIND implementation, not errors in the DNS standard.

Microsoft provides a DNS implementation in its products, but it is a completely separate implementation from BIND. Our DNS service is fully compatible with BIND and other standard DNS implementations, but because the software is completely different, the Microsoft implementation is unaffected by problems in BIND or any other implementation of the standard.

Microsoft did recently experience some widely-publicized problems with our DNS network. These problems are discussed in a letter from our CIO, Rick Devenuti. The fact that the onset of the problems occurred about the same time as the announcement of the BIND vulnerabilities was coincidental; the problems were unrelated to the BIND vulnerabilities.