Friday, July 25, 2008

Is Your DNS Patched

In case you have been living under a rock for the past month you have most likely heard about the DNS cache exploit recently discovered by Dan Kaminsky.  This might be one of the most severe flaws discovered as it was cross platform affecting everything from Windows to Linux, UNIX, Cisco IOS etc....  It was so big in fact that all the major vendors worked together to get the patch issued on the same day.  The flaw would allow an attacker to insert a malicious DNS record into the cache.  As an end user you type in www.technet.com and rather than get the proper IP address the cache delivers the malicious IP address sending you to ????  You can find out more on the details of the flaw at Dan's blog.

You should also make sure that you are patched.  Make sure that your upstream ISP DNS servers are patched by calling them or using Dan's DNS Checker at the top of his website.

So why all of a sudden a rush to ensure you are patched?  Well the patches issued by the vendors have been reverse engineered and exploit code has been published!  Dan has said many times that this is an extremely easy to launch exploit that could be implemented in seconds.

MS08-037 - Vulnerabilities in DNS Could Allow Spoofing (953230)

KB953230 - Vulnerabilities in DNS could allow spoofing

Go. Read. Patch. Now.

And when you are done, copy and paste this blog post to your blog, email it to your IT Pro buddies, get the word out!

If you have links to the patches from other vendors, please leave a comment with the URL!