Windows/Zone Alarm users: new Microsoft update will bork your web connection

[editor]

Grrr!

Microsoft released four patches - all rated important - as part of its regular Patch Tuesday update cycle, one of which left ZoneAlarm users locked out the internet.
The most significant of the quartet fixes a flaw in Windows' implementations of the Domain Name System protocol (MS08-037.mspx).

Multiple vendors are subject to the DNS-spoofing vulnerability, which stems from a fundamental weakness involving a lack of entropy in DNS queries rather than a specific security bug. Successfully exploiting the flaw could allow hackers to spoof DNS replies, creating a means to redirect network traffic or to mount man-in-the-middle attacks.

Unfortunately Microsoft's fix creates problems in itself, leaving users of the popular ZoneAlarm firewall unable to access the internet after they apply the patch.

The experiences of Reg reader Steve seem typical. "I woke up this morning to no internet at all and on calling my ISP's tech support I was told there was an issue with the latest patches and Zone Alarm," he reports. "I have uninstalled Zone Alarm and everything now works fine. Not sure who is to blame on this one but it has been a pain."

ZoneAlarm recommends that users uninstall the problematic patch, as a workaround, pending the resolution of the problem.

http://www.channelregister.co.uk/2008/07/09/ms_dns_patch_zonealarm_woes/

 

[Hi-ASL]

ZoneAlarm recommends that users uninstall the problematic patch, as a workaround, pending the resolution of the problem.

Apparently, setting your internet zone security to Medium will allow you to access the internet as normal, with patch in place.

As will not bothering with a firewall at all.

 

[weltweit]

I suspect there are a number of strategies being put into place to tempt people away from Zonealarm.

 

[Hi-ASL]

Ooh. I smell a conspiracy. Who's behind it, I wonder?

 

[editor]

Apparently, setting your internet zone security to Medium will allow you to access the internet as normal, with patch in place.

Cheers for that: I'd just wasted ages trying to find out how to uninstall that patch as it's not listed in either the Remove Programs dialogue box or in CCleaner.

Works just fine now

 

[Hi-ASL]

No problem. Monitor this page for a fix:

http://forums.zonealarm.com/zonelabs/board/message?board.id=Official&message.id=6

Also, Remove Programs has a checkbox for toggling display of windows updates (well, mine does anyway..).

 

[stdPikachu]

Ooh. I smell a conspiracy. Who's behind it, I wonder?

No conspiracy, just shoddy testing. The problem has been being worked on for months already (in fact, it was flagged as a potential security issue in DNS as far back as 2001), quite how zonelabs and MS didn't flag and fix this issue well ahead of today is a mystery to me.

There's going to be an awful lot of very flustered sysadmins today. This DNS advisory affects literally hundreds of different products.

 

[redsnapper]

Cheers for that: I'd just wasted ages trying to find out how to uninstall that patch as it's not listed in either the Remove Programs dialogue box or in CCleaner.

Works just fine now

Like Hi-ASl says if you check the 'show updates' box the rogue update is there but it took me hours on the phone to talktalk trying to sort this out. I didn't have a clue and was almost fobbed off twice by incompetents telling me it was a hardware problem and that I'd (essentially) have to sort it out myself. I finally spoke to a guy who twigged what it was almost straight away and said that they'd been dealing with the problem all morning, thousands affected. I've got my security updates set to notify me before installing - thanks for the link to check when the it's fixed and I can return my settings to auto download.

If anyone needs it the serial number of the offending patch is: KB951748

 

[Guineveretoo]

I left the patch, but followed some advice from zone alarm on this page http://download.zonealarm.com/bin/free/pressReleases/2008/LossOfInternetAccessIssue.html and it works now.

Does anyone know what the patch is supposed to do? I don't like to uninstall things like that, on the grounds that there must have been a reason for it?

 

[Hi-ASL]

New versions issued which purportedly fix the problem:

http://download.zonealarm.com/bin/free/pressReleases/2008/LossOfInternetAccessIssue.html

 

[weltweit]

I have an older windows but recently had problems with it that resulted in me having to remove zonealarm to get things working again.

Various organisations it seems to me do not really want zonealarm to be as successful as it has been.

 

[Hi-ASL]

And Microsoft is one? Why would they be when (to the best of my knowledge) they have no competing product?

 

[Guineveretoo]

New versions issued which purportedly fix the problem:

http://download.zonealarm.com/bin/free/pressReleases/2008/LossOfInternetAccessIssue.html

That is the same link as I put up. Would people not believe it when recommended by a trade union official?

 

[Hi-ASL]

Yes, I noticed that a bit later. You mentioned only that it contains "advice" though. You failed to mention that it also contains new versions.

So partial information. Feeding the huddled masses only what you want them to know. "Truth? You can't handle the truth."

Typical.

 

[Guineveretoo]

Yes, I noticed that a bit later. You mentioned only that it contains "advice" though. You failed to mention that it also contains new versions.

So partial information. Feeding the huddled masses only what you want them to know. "Truth? You can't handle the truth."

Typical.

That's because the link doesn't JUST contain a new version, it also provides other advice as to ways round the problem.

See? I wanted to provide full information, and give people choices!

 

[Hi-ASL]

You completely failed to mention that it contains new versions! You wiped the new versions from existence! Don't try to spin your way out of this!

I call bullshit!

 

[Guineveretoo]

You completely failed to mention that it contains new versions! You wiped the new versions from existence! Don't try to spin your way out of this!

I call bullshit!

 

[Hocus Eye.]

I am back on the internet with Zonealrm updated but it rejects my registration key.

I thought everything was as it should be having updated ZoneAlarm anti virus version. I was back on the internet but when I switched back on again today ZoneAlarm popped up a message saying that I was on a 15 day trial of the program. Having only paid for it last month I still had the registration key to hand and copied and pasted it in from their confirmation email.

However it has been rejected as invalid. I now will have to contact their technical support, but at the moment they will be overrun with queries about the clash with the windows update so I have given up for a while.

Why is nothing simple?