Tuesday, April 17, 2007

Microsoft DNS Vulnerability - Exploited!

If you haven't yet applied the registry hack on your Microsoft DNS servers (CERT VU#555920, Microsoft Security Bulletin #935964), now would be a good time. There is a known exploit available and in use. Apparently, the Rinbot worm is now using the exploit, and it's been added to Metasploit. I'd expect to see attacks pick up rather than decrease at this point.

For the blissfully unaware, the exploit uses a buffer overrun to elevate privileges. Because the target is a DNS server, this can allow DNS poisoning, pharming, and DoS. Since most people put the DNS server on their domain controller, an attacker who compromises your DNS server is able to compromise your Active Directory. At that point, you are looking at a very bad situation and a minimum of one very long night.
