Windows DNS Patch Strands ZoneAlarm Users

Users of the security program ZoneAlarm encountered a problem accessing the Internet after applying a Microsoft Windows domain name system (DNS) patch described in security bulletin MS08-037. Microsoft's Enterprise Networking Team issued a warning about the problem, which affects users of Windows XP and Windows 2000 operating systems, but no fix.

Instead, on Thursday, Check Point Software Technologies, the maker of the ZoneAlarm program, released updates to its ZoneAlarm products as a workaround solution.

Microsoft is still investigating the problem, but referred people to Check Point Software's Web site for the workaround fix in the mean time.

"We recommend updating the ZoneAlarm software to correct the problem," wrote Microsoft's Enterprise Networking Team. "We do not recommend uninstalling the update described in security bulletin MS08-037."

Spoofing is what the Windows DNS patch is supposed to help avoid. Microsoft's patch is a fix for a DNS cache exploit that hackers could use to increase their chances of redirecting an unsuspecting user to a malicious Web site that looks like a legitimate Web page. It's a serious problem that requires immediate attention, according to security pro Andrew Storms.

"Every network administrator in the world needs to drop that iPhone, get off their blackberry and patch their [system] now," cautioned Storms, who is director of security at San Francisco-based nCircle. "The risk to corporate networks is serious. DNS attacks are a silent killer. Unsuspecting users don't see anything different but are silently redirected to a malicious Web site where their private data can be stolen."

Such phishing attacks have been on the rise as the number of hosted enterprises services increases, security experts say.

This week's DNS incident seems to vindicate critical Patch Tuesday comments made by some security observers. Those critics suggested that Redmond had either rushed the release of certain fixes or understated the severity of the vulnerabilities that the fixes were supposed to remedy.

"[In general], these bulletins do seem to be downgraded in terms of severity because of what Microsoft believes to be additional steps that must be taken and/or limits of what can be done to the system," said Eric Schultze, chief technology officer of Minnesota-based software security firm Shavlik Technologies. "But why not leave it critical and downplay the likelihood of an attack instead."

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.


  • Spaceflight Training in the Middle of a Pandemic

    Surprisingly, the worldwide COVID-19 lockdown has hardly slowed down the space training process for Brien. In fact, it has accelerated it.

  • Surface and ARM: Why Microsoft Shouldn't Follow Apple's Lead and Dump Intel

    Microsoft's current Surface flagship, the Surface Pro X, already runs on ARM. But as the ill-fated Surface RT showed, going all-in on ARM never did Microsoft many favors.

  • IT Security Isn't Supposed To Be Easy

    Joey explains why it's worth it to endure a little inconvenience for the long-term benefits of a password manager and multifactor authentication.

  • Microsoft Makes It Easier To Self-Provision PCs via Windows Autopilot When VPNs Are Used

    Microsoft announced this week that the Windows Autopilot service used with Microsoft Intune now supports enrolling devices, even in cases where virtual private networks (VPNs) might get in the way.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.