Windows DNS Patch Strands ZoneAlarm Users

Users of the security program ZoneAlarm encountered a problem accessing the Internet after applying a Microsoft Windows domain name system (DNS) patch described in security bulletin MS08-037. Microsoft's Enterprise Networking Team issued a warning about the problem, which affects users of Windows XP and Windows 2000 operating systems, but did not provide a fix.

Instead, on Thursday, Check Point Software Technologies, the maker of the ZoneAlarm program, released updates to its ZoneAlarm products as a workaround solution.

Microsoft is still investigating the problem, but referred people to Check Point Software's Web site for the workaround fix in the meantime.

"We recommend updating the ZoneAlarm software to correct the problem," wrote Microsoft's Enterprise Networking Team. "We do not recommend uninstalling the update described in security bulletin MS08-037."

Spoofing is what the Windows DNS patch is supposed to help avoid. Microsoft's patch is a fix for a DNS cache exploit that hackers could use to increase their chances of redirecting an unsuspecting user to a malicious Web site that looks like a legitimate Web page. It's a serious problem that requires immediate attention, according to security pro Andrew Storms.

"Every network administrator in the world needs to drop that iPhone, get off their BlackBerry and patch their [system] now," cautioned Storms, who is director of security at San Francisco-based nCircle. "The risk to corporate networks is serious. DNS attacks are a silent killer. Unsuspecting users don't see anything different but are silently redirected to a malicious Web site where their private data can be stolen."

Such phishing attacks have been on the rise as the number of hosted enterprise services increases, security experts say.

This week's DNS incident seems to vindicate critical Patch Tuesday comments made by some security observers. Those critics suggested that Redmond had either rushed the release of certain fixes or understated the severity of the vulnerabilities that the fixes were supposed to remedy.

"[In general], these bulletins do seem to be downgraded in terms of severity because of what Microsoft believes to be additional steps that must be taken and/or limits of what can be done to the system," said Eric Schultze, chief technology officer of Minnesota-based software security firm Shavlik Technologies. "But why not leave it critical and downplay the likelihood of an attack instead?"

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

