Asked by:
Windows XP Home & Pro Updates and Zone Alarm Free Edition

General discussion
-
Has anyone experienced problems with Zone Alarm Free Edition
after Microsoft pushed its latest updates for Windows XP Home and
Windows XP Professional ?
The updates hit machines that were running Windows XP Home
and Pro with Service Pack 2, and after the updates were automatically
installed, the DNS services stopped working. Neither IE 7.0 nor
Mozilla Firefox 2.0.0.14 could access the Internet.
Uninstalling Zone Alarm Free Edition corrected the problem.
HOWEVER, the problem with Zone Alarm Free Edition did NOT
occur until the updates were pushed out by Microsoft.- Edited by DrDan Thursday, July 10, 2008 2:12 AM error
Thursday, July 10, 2008 2:11 AM
All replies
-
This week (starting 2008-07-07) there was a major multi-platform update with regard to a DNS vulnerability. DNS servers around the planet are being updated too. I notice that Microsoft pushed out its updates on patch Tuesday and my Vista SP1 and Windows XP SP3 systems were automatically updated at shutdown yesterday.
As usual, these updates may cause firewall hiccups on outbound requests from updated programs (Outlook Connector this time, not IE7 this time) and network access will need to be re-authorized.
UPDATE 2008-07-12: ZoneAlarm has published fixes that work around the problem. Instead of uninstalling the Microsoft Update or any version of ZoneAlarm, you can set ZoneAlarm to Medium protection (which will allow you to download the updated version). The link to "Basic Firewall" is apparently the Zone Alarm Free Edition.
A particularly difficult part of this breakdown is that users won't be able to get to the Internet to find solutions unless they figure out to adjust ZoneAlarm first or roll-back the Microsoft Update. If you have family members, friends, or colleagues who might be using ZoneAlarm on Windows XP, you might want to advise them about this situation.
The security bulletins around the latest updates are available here:
- Microsoft Security Bulletin Summary for July 2008
- Microsoft Security Bulletin MS08-037: Vulnerabilities in DNS Could Allow Spoofing
version 2.0, issued today, July 10, provides information about ZoneAlarm in the FAQ section
- US-CERT Vulnerability Notes: VU #800113 Multiple DNS implementations vulnerable to cache poisoning
With regard to ZoneAlarm, you need to contact Check Point and their support forums for the latest word on how these fixes impact their different versions and any updates that are available. They have reported they will be issuing patches (see the Information Week article, below).
Related information on the DNS exploit, ZoneAlarm, and the coordinated repair activity:
- 2008-07-09 Network Security Blog: This is not the vulnerability you're looking for
- 2008-07-08 Network Security Blog: Network Security Podcast, Episode 111, Massive DNS mulitvendor patch
- 2008-07-09 Information Week: Microsoft DNS Security Fix Knocks ZoneAlarm Users Offline
This kind of massive roll-out does have interoperability and coordination issues. It is an example of the care that must be taken. CheckPoint Software has declared to US_CERT that it does not have the vulnerability, but there are apparently secondary consequences of the repair made to Windows.
update: On Buzz Out Loud 763 today, there is a letter (scroll down the page) that suggests it is only necessary to re-install ZoneAlarm, so it will reconfigure properly for the updated version of Windows. If you do this, remember to save your personal settings and configuration to a disk file, if your ZoneAlarm permits that. That will make re-install much easier.
http://orcmid.com/blog- Edited by orcmid Saturday, July 12, 2008 4:28 PM Added latest update
Thursday, July 10, 2008 4:41 PM - Microsoft Security Bulletin Summary for July 2008
-
test test test
Kishore Kishore rThursday, September 11, 2008 5:15 AM