In-Depth

Windows DNS Patch Strands ZoneAlarm Users

Microsoft officials warn of a problem that arises after users apply a DNS patch to Windows XP and 2000.

By Jabulani Leffall

Users of the security program ZoneAlarm encountered a problem accessing the Internet after applying a Microsoft Windows domain name system (DNS) patch described in security bulletin MS08-037. Microsoft's Enterprise Networking Team issued a warning about the problem, which affects users of Windows XP and Windows 2000 operating systems, but no fix.

Instead, last Thursday, Check Point Software Technologies, the maker of the ZoneAlarm program, released updates to its ZoneAlarm products as a workaround.

Microsoft is still investigating the problem, but referred people to Check Point Software's Web site for the workaround fix in the mean time.

"We recommend updating the ZoneAlarm software to correct the problem," wrote Microsoft's Enterprise Networking Team. "We do not recommend uninstalling the update described in security bulletin MS08-037."

Spoofing is what the Windows DNS patch is supposed to help avoid. Microsoft's patch is a fix for a DNS cache exploit that hackers could use to increase their chances of redirecting an unsuspecting user to a malicious Web site that looks like a legitimate Web page. It's a serious problem that requires immediate attention, according to security pro Andrew Storms.

"Every network administrator in the world needs to drop that iPhone, get off their blackberry and patch their [system] now," cautioned Storms, who is director of security at San Francisco-based nCircle. "The risk to corporate networks is serious. DNS attacks are a silent killer. Unsuspecting users don't see anything different but are silently redirected to a malicious Web site where their private data can be stolen."

Such phishing attacks have been on the rise as the number of hosted enterprises services increases, security experts say.

This week's DNS incident seems to vindicate critical Patch Tuesday comments made by some security observers. Those critics suggested that Redmond had either rushed the release of certain fixes or understated the severity of the vulnerabilities that the fixes were supposed to remedy.

"[In general], these bulletins do seem to be downgraded in terms of severity because of what Microsoft believes to be additional steps that must be taken and/or limits of what can be done to the system," said Eric Schultze, chief technology officer of Minnesota-based software security firm Shavlik Technologies. "But why not leave it critical and downplay the likelihood of an attack instead?"

Must Read Articles