Friday, July 25, 2008

Is Your DNS Patched?

In case you have been living under a rock for the past month like I have, you may not have heard about the DNS cache poisoning flaw recently discovered by Dan Kaminsky. I was on the Microsoft campus this week and had several of the developers verify that this is the real deal and that patching needs to happen ASAP if you have not done it already. You also need to verify that WSUS actually got it done for you. This might be one of the most severe flaws discovered yet, as it is cross-platform, affecting everything from Windows to Linux, UNIX, Cisco IOS, etc. It was so big, in fact, that all the major vendors worked together to get their patches issued on the same day. The flaw allows an attacker to insert a malicious DNS record into a resolver's cache. As an end user you type in an Internet address, and rather than getting the proper IP address, the cache delivers the malicious IP address and sends you somewhere else. You can find out more on the details of the flaw at Dan's blog.

You should make sure that you are patched, and make sure that your upstream ISP's DNS servers are patched as well, either by calling them or by using Dan's DNS Checker at the top of his website.
So why the sudden rush to ensure you are patched? Well, the patches issued by the vendors have been reverse engineered and exploit code has been published!
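One way to check a resolver yourself, beyond the online checker, is to look at the outbound queries it sends and see whether the UDP source ports and transaction IDs vary: the vendor patches add source port randomization, so an unpatched resolver that always queries from one port (or counts ports up one at a time) stands out. The script below is an added example, not code from this post or from any vendor. The capture lines are constructed in tcpdump style, the port lists are made up, and the thresholds (`min_samples`, `min_distinct_ratio`, `min_spread`) are assumptions chosen for illustration.

```python
import math
import re
from collections import Counter

# Constructed capture lines in tcpdump style (not from a real resolver):
# "<time> IP <src>.<sport> > <dst>.53: <txid>+ A? <name>. (<len>)"
CONSTRUCTED_CAPTURE = """\
12:00:01.000100 IP 10.0.0.2.53 > 198.51.100.5.53: 4110+ A? example.com. (29)
12:00:01.000200 IP 10.0.0.2.53 > 198.51.100.5.53: 4111+ A? example.net. (29)
12:00:01.000300 IP 10.0.0.2.53 > 198.51.100.5.53: 4112+ A? example.org. (29)
12:00:01.000400 IP 10.0.0.2.53 > 198.51.100.5.53: 4113+ A? example.edu. (29)
12:00:01.000500 IP 10.0.0.2.53 > 198.51.100.5.53: 4114+ A? example.info. (30)
"""

# Constructed source-port samples for the three cases a defender will meet.
UNPATCHED_CONSTANT = [53] * 20                   # always queries from port 53
UNPATCHED_SEQUENTIAL = list(range(32768, 32788))  # OS default, counting up
PATCHED_RANDOM = [49213, 2311, 61044, 17890, 40021, 58733, 9104, 33567,
                  20788, 51204, 11377, 64502, 27619, 44980, 6075, 39211,
                  57642, 14930, 30108, 62471]

# Matches the outbound query lines: source port and transaction ID.
QUERY_RE = re.compile(r"IP \S+\.(?P<sport>\d+) > \S+\.53: (?P<txid>\d+)\+")


def parse_outbound_queries(capture_text):
    """Return (source_port, txid) pairs for each outbound query line."""
    pairs = []
    for line in capture_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            pairs.append((int(m.group("sport")), int(m.group("txid"))))
    return pairs


def shannon_entropy_bits(values):
    """Empirical entropy of the observed values, in bits."""
    n = len(values)
    counts = Counter(values)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def is_sequential(values):
    """True when every sample is exactly one more than the previous one."""
    steps = {b - a for a, b in zip(values, values[1:])}
    return len(values) > 1 and steps == {1}


def assess(values, min_samples=10, min_distinct_ratio=0.9, min_spread=1024):
    """Classify a sample of ports or IDs as constant, sequential, weak or randomized."""
    n = len(values)
    if n < min_samples:
        return "insufficient"          # too few queries to say anything
    distinct = len(set(values))
    if distinct == 1:
        return "constant"              # classic unpatched behaviour
    if is_sequential(values):
        return "sequential"            # predictable, no better than constant
    if distinct >= min_distinct_ratio * n and max(values) - min(values) >= min_spread:
        return "randomized"
    return "weak"                      # varies, but not enough to trust


def assess_resolver(pairs):
    """Verdict on both the source ports and the transaction IDs of a resolver."""
    ports = [p for p, _ in pairs]
    txids = [t for _, t in pairs]
    return {
        "source_ports": assess(ports),
        "txids": assess(txids),
        "port_entropy_bits": round(shannon_entropy_bits(ports), 2) if ports else 0.0,
    }


if __name__ == "__main__":
    # Five constructed lines are not enough to judge; the checker says so.
    print("capture:", assess_resolver(parse_outbound_queries(CONSTRUCTED_CAPTURE)))
    for name, ports in [("constant", UNPATCHED_CONSTANT),
                        ("sequential", UNPATCHED_SEQUENTIAL),
                        ("random", PATCHED_RANDOM)]:
        print(name, "->", assess(ports))
```

Feed it real capture output from the resolver's outbound side (queries to port 53 on upstream servers, not the client-facing side), collect a few dozen lines, and treat anything other than "randomized" for the source ports as a reason to go back and confirm the patch actually landed. A "randomized" verdict on transaction IDs alone is not enough; the whole point of the fix is that the port has to vary too.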

MS08-037 - Vulnerabilities in DNS Could Allow Spoofing (953230)
KB953230 - Vulnerabilities in DNS could allow spoofing

Go. Read. Patch. Now.
