Nemertes Impact Analysis: DNS Flaw Announced: Patch Now
Nemertes Impact Analysis: DNS Flaw Announced: Patch Now
Nemertes Impact Analysis
The Impact Analysis is a weekly quick-take on breaking IT news. Nemertes provides expert insight on how recent IT news affects you.
Sign up to receive the Nemertes Impact Analysis or register for access to free web site content.
DNS Flaw Announced: Patch Now
Last week AT&T (NYSE:ATT), Cisco (NASDAQ:CSCO), privately held ISC,
Microsoft (NASDAQ:MSFT), Red Hat (NYSE:RHT) and Sun (NASDAQ:JAVA) released
patches for their respective DNS code. The vulnerability is a design flaw in DNS
that could enable an attacker to redirect requests to their own servers. It is
crucial that all organizations install the patches as soon as possible to
minimize the chance of exploit.
This announcement underscores Nemertes' finding in the Security and
Information Protection benchmark that 30% of participants still patch
critical servers no more often than quarterly.
Impacts:
Enterprises: Exploit of this vulnerability can place your enterprise at risk
of rerouting legitimate traffic to illegitimate sites. Beware that you may first
need to upgrade your DNS code to current release before patching.
Vendors: Many vendors rely on OEM and open source code for core functionality
like DNS. Double check if you need to patch your products.
Investors: A company that does not patch regularly and effectively is putting
your investments at unnecessary risk.
http://www.nemertes.com/products_services/research/benchmarks/nemertes_benchmark_security_and_information_protection
http://www.kb.cert.org/vuls/id/800113
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=321866
Ted Ritter, Research Analyst
Bookmark/Search this post with:
Delicious
| 
Digg
| 
Reddit
| 
Technorati