The Google security team discovered several vulnerabilities in current NTP implementations, one of which can lead to arbitrary code execution. NTP servers prior to version 4.2.8 are affected. There are some rumors about active exploitation of at least some of the vulnerabilities Google discovered. Make sure to patch all publicly reachable NTP implementations as fast as possible.