A very serious flaw in the Internet's DNS servers may have been ripe for a significant exploit, though a familiar security researcher might have sounded the alarm just in time. Now, Microsoft and Linux vendors are responding urgently.
The real vulnerability is not in Windows or Linux but in BIND, the most widely deployed DNS software anywhere. A security feature in BIND creates a transaction ID for communications between an IP host and a DNS server. That transaction ID is supposed to be a randomized 15-bit binary number. But in the way BIND is typically deployed, each limitation or option added to the system strips one bit from that random number, and every lost bit halves the number of guesses a malicious script needs to hit the right transaction ID (a factor of two for each bit).
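The effect described above can be measured rather than assumed. The following script is an added example, not code from the article or from BIND: it takes a sample of transaction IDs as a resolver would emit them, estimates how many bits of randomness they actually carry (per bit position, so a bit that is always zero counts for nothing), and turns that into the average number of forged replies a blind guesser would need. The sample IDs are constructed with a seeded generator, the `fixed_top_bits` knob mimics a deployment that has lost randomness, and the 16-bit width is the size of the DNS ID field, assumed here rather than taken from the article.

```python
"""Estimate how much randomness a resolver's DNS transaction IDs really
carry, and what that means for a blind spoofing attempt.

Added example; the sample IDs below are constructed, not captured from BIND.
"""
import math
import random
from typing import Iterable, List

TXID_BITS = 16  # assumption: the DNS header ID field is 16 bits wide


def effective_entropy_bits(txids: Iterable[int], width: int = TXID_BITS) -> float:
    """Sum of per-bit-position Shannon entropies over the observed IDs.

    A bit position that is always 0 or always 1 contributes nothing; one
    that is 0 half the time contributes a full bit. The sum is an upper
    bound on the generator's real randomness (correlations between
    positions are ignored), so a low value is a reliable sign of weakness.
    """
    ids = list(txids)
    n = len(ids)
    if n == 0:
        raise ValueError("need at least one transaction ID")
    total = 0.0
    for pos in range(width):
        ones = sum((i >> pos) & 1 for i in ids)
        p = ones / n
        if 0.0 < p < 1.0:
            total += -(p * math.log2(p) + (1 - p) * math.log2(1 - p))
    return total


def expected_blind_guesses(random_bits: float) -> float:
    """Average number of forged replies needed to match one outstanding
    query whose ID carries `random_bits` bits of randomness: half the space."""
    return 2.0 ** random_bits / 2.0


def guess_reduction_factor(lost_bits: int) -> int:
    """Each bit removed from the random ID halves the guesser's work."""
    return 2 ** lost_bits


def constructed_sample(seed: int, fixed_top_bits: int, count: int = 4000) -> List[int]:
    """Constructed IDs: uniform over TXID_BITS bits, then the top
    `fixed_top_bits` forced to zero to mimic lost randomness."""
    rng = random.Random(seed)
    mask = (1 << (TXID_BITS - fixed_top_bits)) - 1
    return [rng.getrandbits(TXID_BITS) & mask for _ in range(count)]


if __name__ == "__main__":
    for label, lost in (("full 16-bit", 0), ("15-bit", 1), ("12-bit", 4)):
        sample = constructed_sample(seed=1, fixed_top_bits=lost)
        bits = effective_entropy_bits(sample)
        print(f"{label:12s} ~{bits:5.2f} effective bits, "
              f"~{expected_blind_guesses(bits):,.0f} guesses on average")
```

Run against IDs pulled from a packet capture of your own resolver, `effective_entropy_bits` landing well below the field width is the condition the article warns about; the per-position view also shows which bits are the fixed ones, which is usually the fastest hint as to which configuration option is costing them.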