Bangkok--15 Aug--Core & Peak

Please be aware that the threat level on our websites has been changed from “normal” to “elevated” due to the DNS cache poisoning vulnerability. The explanation for the increased level is as follows:

About Threat Level

The current threat level is ELEVATED. A recently disclosed DNS Cache Poisoning vulnerability affects vendors worldwide. For System Administrators this condition warrants close monitoring of security information channels, automatic deployment of relevant patches, engaging preventive technologies, and monitoring for security lapses. Home users should ensure that all relevant patches have been updated and preventive technologies are in place.

For more information, please refer to the following blog entries:

Major DNS Cache-Poisoning Vulnerability: Patch Now
by Paul Ferguson (Advanced Threats Researcher)

While this is completely unrelated to any particular malware, there is a rather disconcerting DNS cache-poisoning vulnerability that has surfaced which deserves the attention of any and every organization on the planet which operates their own DNS servers.

The importance of determining if you are vulnerable, and getting the vulnerability fixed quickly, is becoming more important as each day passes. This is due not only to the criticality of the vulnerability, but also due to some of the “colorful” background in how some of the details have become available surrounding the vulnerability itself.

First, US-CERT published an advisory on this vulnerability on 8 July 2008, and they have a detailed reference of vendor products which are affected on their advisory page. Please visit their advisory page to determine if your DNS infrastructure is at risk.
As the US-CERT advisory states, the heart of this issue is that DNS caching nameservers can be poisoned by an “…attack technique that allows an attacker to introduce forged DNS information into the cache of a caching nameserver.” This is a very serious situation, and can possibly lead to widespread and targeted attacks which hijack sensitive information by redirecting legitimate traffic to fraudulent websites, due to incorrect (fraudulent) information being injected into the vulnerable caching nameserver(s).

Secondly, while the details of this vulnerability were originally discovered by Dan Kaminsky, and were originally to be revealed at the upcoming Black Hat conference in Las Vegas next month, some details regarding the vulnerability have been “leaked” to the public, which increases the importance of quickly patching any vulnerability in deployed DNS servers.

There are also some publicly available tools to determine if your DNS servers are affected.

This vulnerability is quite serious, so please - PATCH NOW.

“Fergie”, a.k.a. Paul Ferguson
Internet Security Intelligence
Advanced Threats Research
Trend Micro Inc.

Media Contact:
Bussakorn Sonthikorn, Srisuput Siangyen
Public Relations Consultant
Core & Peak Co.,Ltd.
Tel. 0-2439-4600 ext. 8202, 8300
e-mail: [email protected], [email protected]