Increased Threat for DNS Spoofing Vulnerability
Published: July 25, 2008
Microsoft released Microsoft Security Bulletin MS08-037 on July 8, 2008, offering security updates to protect customers against Windows Domain Name System (DNS) spoofing attacks. Microsoft released this update in coordination with other DNS vendors who were also similarly impacted. Since the coordinated release of these updates, the threat to DNS systems has increased due to a greater public understanding of the attacks, as well as detailed exploit code being published on the Internet.
Microsoft is not currently aware of active attacks utilizing this exploit code or of customer impact at this time. However, attacks are likely imminent due to the publicly posted proof of concept and Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary.
Microsoft’s investigation of this exploit code has verified that it does not affect Microsoft customers who have installed the updates detailed in Microsoft Security Bulletin MS08-037. Microsoft continues to recommend that customers apply the updates to the affected products by enabling the Automatic Updates feature in Windows.