The Window to Patch Your DNS Servers Has Closed
According to reports from many news outlets, the window that researchers and network operators had hoped would stay open until the Blackhat conference for patching DNS servers against the DNS cache poisoning vulnerability we commented on back on July 9th has closed. Several examples of exploit code showing how to take advantage of this vulnerability have been released, and attacks have also been spotted in the wild (thanks to Websense for providing some of the links).
The folks working on the Metasploit Project were among the first to jump on the bandwagon, making the exploit available via their freely available Metasploit application.
So, if you have not yet updated your DNS servers, now is the time to test the patch and update your production servers. Patches are available from all of the major vendors. It was widely expected that once the details of the vulnerability were released, exploits would follow very quickly afterward.
Many have bemoaned the fact that the details of this vulnerability were kept under wraps for so long while others viewed it as a commercial ploy for the Blackhat conference. My personal opinion is that in the name of responsible disclosure this situation was handled with 100% professionalism and sensitivity as to the nature and severity of the problem. Based on the amount of coordination that was required to get all of the vendors together, discuss the problem, and patch their applications, there was no way that this could have been done such that it would please everyone involved. The overly vocal minority is trying to put a black eye on a process that worked as well as it possibly could given the number of stakeholders involved. It is truly impressive to me that the details were not disclosed sooner.
It cannot be said strongly enough. Protect your users and your network. This is not a problem you can ignore.
Categories: Vulnerabilities Hackers
Posted by smasiello at 9:36 AM
