Microsoft issues Patch Tuesday DNS fix

Summary:The software giant has released four security bulletins for July, including one that addresses a potentially serious DNS spoofing flaw affecting multiple vendors' products

Microsoft has issued a series of four 'important' bulletins as part of its monthly patch cycle.

The updates linked to in Tuesday's bulletins include a patch for a potentially serious underlying DNS flaw.

The flaw, which was discovered by security researcher Dan Kaminsky, affects multiple vendors, including Cisco. The Microsoft products affected by the flaw are detailed in Microsoft Security Bulletin MS08-037. DNS spoofing involves making a DNS entry point to a different IP address.

The spoofing vulnerability exists in Windows DNS clients and Windows DNS servers, and could allow an attacker to "quickly and reliably spoof responses and insert records into the DNS server or client cache, thereby redirecting internet traffic", Microsoft warned.

All supported versions of Microsoft Windows 2000, Windows XP, Windows Server 2003 and Windows Server 2008 are affected by the flaw. Microsoft claims its security update addresses the vulnerabilities by using "strongly random" DNS transaction IDs, using random sockets for UDP queries, and updating the logic used to manage the DNS cache.

However, this flaw affects many more vendors. According to US-CERT vulnerability note 800113, vendors known to be vulnerable to this flaw include Cisco, the Internet Software Consortium, Juniper Networks, Microsoft, Nominum, Red Hat and Sun. Other potentially affected vendors include Akamai, Apple, Debian/GNU Linux, Fedora, FreeBSD, Gentoo, HP, IBM, Motorola, Nokia and Ubuntu.

Microsoft's July Patch Tuesday also included bulletin MS08-040, which addresses vulnerabilities in Microsoft SQL server. The flaws are page reuse, buffer overflow and memory corruption vulnerabilities, and affect SQL Server 7.0, SQL Server 2000, SQL Server 2005, Microsoft Data Engine (MSDE) 1.0, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine (WMSDE) and Windows Internal Database (WYukon).

Patch Tuesday also saw the release of bulletin MS08-038, which gave details of a saved-search vulnerability in Windows Explorer that affects multiple operating systems including Vista. Bulletin MS08-039 also gave details of cross-site scripting vulnerabilities in Outlook Web Access.

Topics: Operating Systems

About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues.Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books.Tom eventually found tha... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.