Microsoft has released a patch (http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx). Juniper has released a patch (http://www.kb.cert.org/vuls/id/MIMG-7DWR4Z). Cisco has released a patch (http://www.cisco.com/warp/public/707/cisco-sa-20080708-dns.shtml). ISC has relased a patch for Bind (http://www.isc.org/index.pl?/sw/bind/bind-security.php). -- +-------------------------------------------+ | Michael Surato | | College of Arts and Letters | | Michigan State University | | 320 Linton Hall | | East Lansing, MI 48824 | | Voice: (517) 353-0778 Fax: (517) 355-0159 | +-------------------------------------------+ >>> On 7/8/2008 at 4:15 PM, MSU Network Administrators Group wrote: > Do you know if patches are available for BIND and Windows 200x Server > yet? Are there any precautions that should be followed until we have > all of our patches in place? > > Thanks! > > -Nick Kwiatkowski > MSU Telecom Systems, Physical Plant > > -----Original Message----- > From: MSU Network Administrators Group [mailto:[log in to unmask]] On > Behalf Of Jeff Goeke-Smith > Sent: Tuesday, July 08, 2008 4:10 PM > To: [log in to unmask] > Subject: [MSUNAG] DNS Cache Poisoning Vulnerability > > Today, CERT released a notice regarding coordinated patching of > all major DNS servers against a protocol level attack on the DNS > system. This class of attack can result in a attacker taking over > various domain names for all clients on a network. If you are running > a DNS server, you should evaluate their potential vulnerability and > patch as appropriate. > > The CERT advisory can be found at http://www.kb.cert.org/vuls/id/800113 > > -- > Jeff Goeke-Smith > [log in to unmask] > Network Security > Michigan State University >