
Mega-patch an urban legend


Johannesburg, 10 Jul 2008

Rumours of an "uberpatch" that works across all computer software systems and was supposed to have been jointly released on Tuesday by Microsoft, Sun and Cisco have been dismissed as urban legend.

This morning, Martin Walshaw, consulting systems engineer for security at Cisco, said there was no such patch and that, while a number of different patches may have been released simultaneously on Tuesday, they should not be seen as one.

"Each vendor has to fix their own product," says Walshaw. He points out that Microsoft's Patch Tuesday is a standard event and many other vendors release patches at the same time.

"There is close collaboration between vendors, but there is not one patch that fits all."

A recent report said there was an inherent flaw in the Internet that had to be fixed through a collaboration of major software giants.

"Vulnerability in the Internet is nothing new," says Walshaw. "We call it DNS poisoning and it is essentially redirecting you to a new Web site. It's easy to do and at Cisco we have had best practices on how to secure your DNS for years."

Dino Covotsos, CEO of Telspace Systems, says that had such a patch been released, it would have had massive implications. "Each vendor has released or is in the process of releasing their own patches; they then require clients to patch their servers accordingly," he notes.

It will affect every name server in the world, so in the bigger picture, it's not a simple solution to change the way DNS works.

Deficiencies in the DNS protocol and common DNS implementations have allowed this vulnerability to persist, he says.

He explains that an attacker with the ability to conduct a successful cache poisoning attack can cause a server's clients to contact malicious hosts.

He says individual patches should solve the problem. Other remedies include restricting access to the name server, filtering traffic, running a local DNS cache, disabling recursion, and implementing source port randomisation.

Microsoft could not comment by the time of publication.
