DNS hole prompts synchronized patching effort by IT vendors

In a rare synchronized security move, Microsoft Corp., Cisco Systems Inc. and other IT vendors today released software patches aimed at addressing a fundamental design flaw in the Domain Name System (DNS) protocol used to direct traffic on the Internet.

The so-called DNS cache poisoning flaw was discovered earlier this year by Dan Kaminsky, a researcher at security services firm IOActive Inc., but it wasn't publicized until today. The vulnerability could allow attackers to redirect Web traffic and e-mails to systems under their control, according to Kaminsky, who said in an interview that the flaw exists at the DNS protocol level and affects numerous products from multiple vendors. ... Go to source