Windows DNS Patch Strands ZoneAlarm Users

Users of the security program ZoneAlarm encountered a problem accessing the Internet after applying the Microsoft Windows domain name system (DNS) patch described in security bulletin MS08-037. Microsoft's Enterprise Networking Team issued a warning about the problem, which affects users of the Windows XP and Windows 2000 operating systems, but did not offer a fix.

Instead, on Thursday, Check Point Software Technologies, the maker of the ZoneAlarm program, released updates to its ZoneAlarm products as a workaround.

Microsoft is still investigating the problem, but in the meantime it referred people to Check Point Software's Web site for the workaround.

"We recommend updating the ZoneAlarm software to correct the problem," wrote Microsoft's Enterprise Networking Team. "We do not recommend uninstalling the update described in security bulletin MS08-037."

Spoofing is what the Windows DNS patch is supposed to help avoid. Microsoft's patch is a fix for a DNS cache exploit that hackers could use to increase their chances of redirecting an unsuspecting user to a malicious Web site that looks like a legitimate Web page. It's a serious problem that requires immediate attention, according to security pro Andrew Storms.

"Every network administrator in the world needs to drop that iPhone, get off their BlackBerry and patch their [system] now," cautioned Storms, who is director of security at San Francisco-based nCircle. "The risk to corporate networks is serious. DNS attacks are a silent killer. Unsuspecting users don't see anything different but are silently redirected to a malicious Web site where their private data can be stolen."

Such phishing attacks have been on the rise as the number of hosted enterprise services increases, security experts say.

This week's DNS incident seems to vindicate critical Patch Tuesday comments made by some security observers. Those critics suggested that Redmond had either rushed the release of certain fixes or understated the severity of the vulnerabilities that the fixes were supposed to remedy.

"[In general], these bulletins do seem to be downgraded in terms of severity because of what Microsoft believes to be additional steps that must be taken and/or limits of what can be done to the system," said Eric Schultze, chief technology officer of Minnesota-based software security firm Shavlik Technologies. "But why not leave it critical and downplay the likelihood of an attack instead?"

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

