Tuesday 29 July 2008

DNS Update is an absolute requirement

Lately, we have seen a lot of news on the wire and in the blogosphere about vulnerabilities in our DNS setup.

The news is such that Microsoft has reissued a Microsoft Security Advisory (956187).

The threat is immanent, and we should be patching all of our client systems.

From the above Security Advisory:
Microsoft released Microsoft Security Bulletin MS08-037 on July 8, 2008, offering security updates to protect customers against Windows Domain Name System (DNS) spoofing attacks. Microsoft released this update in coordination with other DNS vendors who were also similarly impacted. Since the coordinated release of these updates, the threat to DNS systems has increased due to a greater public understanding of the attacks, as well as detailed exploit code being published on the Internet.Microsoft is not currently aware of active attacks utilizing this exploit code or of customer impact at this time. However, attacks are likely imminent due to the publicly posted proof of concept and Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary.

Microsoft’s investigation of this exploit code has verified that it does not affect Microsoft customers who have installed the updates detailed in Microsoft Security Bulletin MS08-037. Microsoft continues to recommend that customers apply the updates to the affected products by enabling the Automatic Updates feature in Windows.
Threat Level has some good background information on the who/what/where/when: A little work is in store for those of us who have not patched yet. :)

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

No comments: