On July 8, 2008, Microsoft, the Internet Software Consortium, and many other software vendors released a coordinated update to address "new" problems with the DNS (or Domain Name Service) protocol.  The flaw exists due to the implemenation of the the DNS client and server applications which are very predictable.  This predictablity of the query and responses could allow an attacker to spoof an invalid response.  As such, the attacker could inject an IP address of their choice to a common DNS query like www.uark.edu, or google.com.  If a client or server caches the incorrect IP address, a computer could contact a fraudulent website, email server, or file server.

This problem has been discussed in the Internet community previously, but had not caused appropriate changes to the protocol and client software.  This coordinated release is believed by the University IT Security Office to be in response to actual attacks found on the Internet versus theoretical attacks.

UITS recommends that all client computers and servers apply the appropriate update released by the operating system vendors.  Additionally, those departments that manage DNS servers should update your server software as well to prevent predictability of responses to client computers.

UITS also notes that these updates may cause problems with some personal firewall products such as ZoneAlarm.  If you experience problems please let IT Security know via security@uark.edu.