Earlier this year a security researcher found a previously unknown and far-reaching security hole in the Domain Name System (DNS). As far as I can tell, it’s not a bug in a specific DNS implementation but rather an issue with the actual DNS specification. It’s a form of DNS cache poisoning, which is pretty much impossible for the end user to detect or guard against and which we’ve discussed previously here at Chad’s News. Yesterday, a large coalition of vendors released a simultaneous patch for all of their products. Details about the vulnerability are sparse, as the security experts are waiting a month before giving out the specifics. What I found surprising was that both the DNS servers (usually hosted by ISPs) and the DNS clients (e.g., end-user PCs) require patches.
It’s recommended that everyone apply the appropriate updates. For Windows users, this means doing a Windows Update. But be careful. The Microsoft DNS patch conflicts with the ZoneAlarm firewall and will block all internet access if you have both installed at the same time. The exploit does not yet exist in the wild, so it will probably be okay to delay the updates for a few days while Microsoft and ZoneAlarm get their act together.