In reference to the message from Russ Poole below, on Tuesday, July 29, 2008, beginning at 6:00 PM, TSO will push out a DNS patch from Microsoft through LANDesk to all managed CC Windows XP machines. This patch requires a reboot following its installation, so all CC Windows XP users should save their work and leave their computers on before leaving for the day. This patching is expected to be completed by 7:00 PM.

Windows XP laptop users will need to manually patch their machines. Links to the patch, as well as the Security Bulletin, are provided below.

Anyone using a third-party software firewall on their Windows XP machine should check for an updated version through their firewall vendor prior to receiving this patch. In its Security Bulletin, Microsoft encourages ZoneAlarm and Check Point Endpoint Security users to update these products. Although not mentioned, other firewall products may need updating as well. The built-in Microsoft firewall is compatible with this patch.

Security Bulletin:

http://www.microsoft.com/technet/security/Bulletin/MS08-037.mspx

Patch Download:

http://www.microsoft.com/downloads/details.aspx?familyid=ed989a33-7a9e-4423-93a8-b38907467cdf&displaylang=en

*****

From: staff-bounces@cc.gatech.edu [mailto:staff-bounces@cc.gatech.edu] On Behalf Of Russell Poole
Sent: Friday, July 18, 2008 5:23 PM
To: faculty@cc.gatech.edu; staff@cc.gatech.edu; phd-list@cc.gatech.edu; cocms-list@cc.gatech.edu
Cc: tso-availability@lists.gatech.edu
Subject: [Staff] DNS Vulnerability

Good Afternoon.

On Tuesday, July 8, the United States Computer Emergency Readiness Team (US-CERT) issued a technical alert regarding a new cache poisoning vulnerability in many implementations of the Domain Name System (DNS). While this class of attack has been known for quite some time, this alert was addressing a new attack method found by security researcher Dan Kaminsky of IOActive which allows quicker compromise of a vulnerable DNS service. The release of this alert coincided with patches released by many of the affected vendors (this was Microsoft's Patch Tuesday, and their patches include fixes for this issue in their DNS code).

Dan Kaminsky notified vendors earlier in the year and helped coordinate patching activity so that notification could happen to the IT community at large in a timely fashion. The impact of this vulnerability could be significant if malicious parties produce and execute exploits against this vulnerability. The impact of widespread compromise of DNS servers includes redirecting Web, Email, and other Internet services to servers under attacker control.

It must be stressed that these patches provide limited protection in that they make exploitation of this vulnerability more difficult. The real solution is to implement secure Domain Name System (DNSSEC), a version of DNS which uses cryptography to ensure the integrity of the data used to direct the Internet's services to the correct hosts.

TSO is currently working to consolidate our DNS Secondary Servers to a smaller, more robust group of servers running DNSSEC. Our primary servers are also being switched over to DNSSEC. This work must be completed by August 6th as the vulnerability will then be publicly announced at the Black Hat conference in Las Vegas. TSO is also conducting a survey to determine what UNIX systems may be referencing Secondary DNS servers that are being decommissioned and working to redirect them to the new DNSSEC secondary machines.

NOTE: DNSSEC *IS* backwards compatible. However, this also affects client machines utilizing DNS. TSO is working to identify and patch these machines as well.

If you have any questions or concerns, please contact the help desk at 404-894-7065 or email us at helpdesk@cc.gatech.edu.

Thank you,

Russ Poole
Director, TSO


References:

http://www.us-cert.gov/cas/techalerts/TA08-190B.html
http://www.kb.cert.org/vuls/id/800113

Owner of Alert
TSO