[1st-mile-nm] MS DNS patch snuffs net connection for ZoneAlarm users
Marianne Granoff
granoff at zianet.com
Wed Jul 9 16:21:22 PDT 2008
FYI. From another list.
>MS DNS patch snuffs net connection for ZoneAlarm users
>By John Leyden
>9 Jul 2008 10:05
>A cure worse than the disease
>
>Updated Microsoft released four patches - all rated important - as
>part of its regular Patch Tuesday update cycle, one of which left
>ZoneAlarm users locked out the internet.
>
>The most significant of the quartet fixes a flaw in Windows'
>implementations of the Domain Name System protocol (MS08-037.mspx).
>Multiple vendors are subject to the DNS-spoofing vulnerability,
>which stems from a fundamental weakness involving a lack of entropy
>in DNS queries rather than a specific security bug. Successfully
>exploiting the flaw could allow hackers to spoof DNS replies,
>creating a means to redirect network traffic or to mount man-in-the-
>middle attacks.
>
>Unfortunately Microsoft's fix creates problems in itself, leaving
>users of the popular ZoneAlarm firewall unable to access the
>internet after they apply the patch.
>
>The experiences of Reg reader Steve seem typical. "I woke up this
>morning to no internet at all and on calling my ISP's tech support I
>was told there was an issue with the latest patches and Zone Alarm,"
>he reports. "I have uninstalled Zone Alarm and everything now works
>fine. Not sure who is to blame on this one but it has been a pain."
>
>ZoneAlarm has published a list of recommended workarounds to dealing
>for the glitch here.
>
>Microsoft's three other patches cover vulnerabilities in Exchange
>server and SQL Server and, on the desktop, bugs in Windows Explorer.
>The Explorer vuln potentially creates a means for hackers to inject
>malware onto vulnerable systems running Windows Vista. This flaw -
>along with cross-site scripting vulnerabilities in Outlook for Web
>Access that affect MS Exchange and information disclosure bugs in
>SQL Server - are all rated "important" by Redmond but "critical" by
>security watchers at the SANS Institute's Internet Storm centre.
More information about the 1st-mile-nm
mailing list