Topic: Fixed: Bad interaction w/DNS Patch - July 8 Windows Updates
Wiz Feinberg
From: Mid-Michigan, USA
Posted 8 Jul 2008 6:34 pm
July 8, 2008
Attn: All members!
Microsoft released a few new patches on Tuesday, July 8. One of them is a DNS spoofing patch, rated as Important. Applying this patch will protect your computers from attack from spoofed websites by making it impossible for the computer to connect to the Internet! It just hosed three of my computers today. I have written a blog article detailing the bad DNS patch, here.
<strike>DO NOT INSTALL THE DNS PATCH DATED JULY 8, 2008 AT THIS TIME!</strike> If you already have installed it and rebooted, only to find you cannot connect to the Internet, and you use the ZoneAlarm Personal Firewall, open the Firewall control center, click on "Firewall," then "Main," then reduce the slider for Internet Zone Security to "Medium." This will restore your connectivity, if ZoneAlarm caused it to be blocked.
If you don't use ZoneAlarm and lost connectivity, check your firewall logs for whatever firewall you do have. It is probably responsible. If you can't figure out which application broke your Internet access, after installing the patch, run System Restore to the point set by the Software Distribution setup utility, dated July 8, 2008.
<strike>Change your Windows Updates settings to Notify Me, or Download but let me choose when to install them. I hope Microsoft fixes this real soon!</strike>
Please read my follow-up post below.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
Last edited by Wiz Feinberg on 18 Jul 2008 12:15 pm; edited 2 times in total

Wiz Feinberg
From: Mid-Michigan, USA
Posted 8 Jul 2008 7:10 pm
ZoneAlarm Firewall at fault in loss of Internet after patch
I just experimented with my ZoneAlarm Personal Firewall and discovered that it is responsible for blocking my Internet access after allowing Microsoft to update the TCP stack to protect against DNS spoofing attacks. If you also use a ZoneAlarm firewall and have lost connectivity after installing the DNS patch in Windows Update MS08-037, do the following temporarily:
Open the ZoneAlarm control center by double-clicking on the Zee in the System Tray (Canadian members should click on the Zed!). When the control center opens click on the word "Firewall" on the left, then on the "Main" tab and lower the "Internet Zone Security" slider from High to Medium. That will instantly fix the connectivity problem, but removes your stealth status, leaving you more at risk than before from TCP attacks. I will be looking for an update from ZoneAlarm in the next couple of days.
This is a serious problem, in that Microsoft sees a need to patch a vulnerability in the TCP stack that ZoneAlarm treats as a hostile modification. I have yet to figure out how to whitelist this change in ZoneAlarm.
Standing by and investigating...

Wiz Feinberg
From: Mid-Michigan, USA
Posted 10 Jul 2008 8:36 am
ZoneAlarm released patched versions of firewall
ZoneAlarm has posted updated versions of five security products that are responsible for knocking Windows 2000 and XP users offline, after applying the July 8, 2008 Windows Updates (MS08-037). You can visit that page and find the application you have and download the applicable updated version.
Note that this situation is still in flux and it is possible that ZoneAlarm will issue another round of updates (but I don't know that). If you are connected to the Internet directly, to either a dial-up or broadband modem, without a router, you are most at risk from TCP attacks, "over the wires." You should download the latest patched version of ZoneAlarm and install it ASAP, to remain "stealthed" from Internet-borne attack codes.
If you are behind a "NAT" router you have a little more breathing space, as the Natural Address Translation in it hides your networked computers from direct access from the 'Net, unless you initiate the contact first. You can choose whether you want to upgrade now, or wait a few days for an automatic update to be pushed out by ZoneAlarm.
In either case, if you have chosen the default option of automatically checking for program updates, ZoneAlarm will notify you when a stable upgrade is available.
This issue only affected Windows 2000 and XP computers. I have published a new article about the reason ZoneAlarm's firewall caused a loss of Internet connectivity on my blog.

Wiz Feinberg
From: Mid-Michigan, USA
Posted 10 Jul 2008 9:16 am
The ZoneAlarm security products known to cause a loss of Internet connectivity, after patching the DNS spoofing flaw via Windows Updates (MS08-037) are as follows:
Platforms Affected:
ZoneAlarm Free, ZoneAlarm Pro, ZoneAlarm AntiVirus, ZoneAlarm Anti-Spyware, and ZoneAlarm Security Suite
Recommended Actions:
Download and install the latest versions which solve the loss of internet access problem, here.

Wiz Feinberg
From: Mid-Michigan, USA
Posted 10 Jul 2008 10:19 am
If you were able to get back online by lowering the ZoneAlarm Internet Zone Security slider to Medium, leave it there and wait a day or two before downloading ZoneAlarm 70_483_000. It is causing problems for some users (see the ZoneAlarm Access Forum) and may be updated to a newer version soon. If you must upgrade now and have Windows XP, please set a System Restore Point first. If you use Windows 2000 you should export your files and settings, via the Files and Settings Transfer Wizard, or else burn a backup image of the entire C drive, using Acronis True Image (and make a recovery CD from it), or Norton Ghost.
BTW: Acronis True Image 11 has just been updated to a new sub-version, specifically to improve its functions on Vista computers. Log into "My Account" at acronis.com and find the upgrade software link to download the latest version.

Wiz Feinberg
From: Mid-Michigan, USA
Posted 10 Jul 2008 5:20 pm
Today I downloaded and installed ZoneAlarm Basic Firewall version 7.0.483.000, onto three computers (1 W2k, 2 WXP) and everything is working properly, with the Internet Zone Security sliders moved up to High.
Barring any bad interaction with your personal computer's setup this update looks to be a go.
Meanwhile, from Redmond, Washington, comes this newly added statement, as found on the Security Bulletin page for MS08-037:
Quote:
Why was this security bulletin revised on July 10, 2008?
Microsoft revised this security bulletin to inform users of ZoneAlarm and Check Point Endpoint Security (previously known as Check Point Integrity), from Check Point Software Technologies Ltd., of an Internet connectivity issue detailed in the following FAQ. The revision did not change the security update files in this bulletin. Customers who have already applied the update do not have to reapply the update. Users of the above software from Check Point should, however, read the following FAQ for further guidance.
What is the issue that users of ZoneAlarm and Check Point Endpoint Security may experience after installing this update?
Microsoft is aware of recent reports that users of ZoneAlarm and Check Point Endpoint Security (previously known as Check Point Integrity), from Check Point Software Technologies Ltd., are experiencing an Internet connectivity issue after applying the security updates offered by this security bulletin, MS08-037. Microsoft is continuing to investigate this issue with Check Point. Microsoft encourages the users of ZoneAlarm and Check Point Endpoint Security to review the appropriate Check Point Web site and this security bulletin for the latest guidance or software updates.
And there you have it! Use the link in the quote (Check Point Web site) to download the patched version of the ZoneAlarm package you were using when the Internet was blocked by the firewall, after applying Microsoft's patch MS08-037.

Wiz Feinberg
From: Mid-Michigan, USA
Posted 18 Jul 2008 12:13 pm
ZoneAlarm has patched its firewalls to repair your Internet
I guess some of you missed this thread, now that it is over a week old. ZoneAlarm issued an updated version of its firewall on July 9, as I wrote about earlier in this thread...
The current version of ZoneAlarm Personal Firewall, as of July 18, 2008, is v7.0.483.000. If you still have the previous version, just download the new one and install it over the old one. After you reboot, open the ZoneAlarm control panel to Firewall > Main and raise the Internet Zone Security slider back up to HIGH. The change takes effect immediately. You will be stealthed again and stay connected to the 'Net.