Microsoft DNS patch KB951748 secures Internet access too well
Thursday, July 10, 2008
Microsoft DNS patch KB951748 secures Internet access too well
The latest Microsoft DNS patch improves security too well. The update appears to be incompatible with Check Point's hugely popular ZoneAlarm firewall and possibly other firewall products, and results in complete loss of Internet access.
After a lengthy failed attempt to diagnose a family member's “my Internet no longer works” problem over the phone I saw the BugTraq alert “Microsoft DNS patch KB951748 incompatible with Zonealarm” late at night. Sure enough, uninstalling the update nicely resolved the problem.
The other possible workaround, turning off the firewall completely, would be more risky than living with the spoofing vulnerability until this incompatibilty gets fixed.
After a lengthy failed attempt to diagnose a family member's “my Internet no longer works” problem over the phone I saw the BugTraq alert “Microsoft DNS patch KB951748 incompatible with Zonealarm” late at night. Sure enough, uninstalling the update nicely resolved the problem.
The other possible workaround, turning off the firewall completely, would be more risky than living with the spoofing vulnerability until this incompatibilty gets fixed.
Labels: technology, windows