Microsoft issues Patch Tuesday DNS fix

Microsoft issues Patch Tuesday DNS fix

Summary: The software giant has released four security bulletins for July, including one that addresses a potentially serious DNS spoofing flaw affecting multiple vendors' products


Microsoft has issued a series of four 'important' bulletins as part of its monthly patch cycle.

The updates linked to in Tuesday's bulletins include a patch for a potentially serious underlying DNS flaw.

The flaw, which was discovered by security researcher Dan Kaminsky, affects multiple vendors, including Cisco. The Microsoft products affected by the flaw are detailed in Microsoft Security Bulletin MS08-037. DNS spoofing involves making a DNS entry point to a different IP address.

The spoofing vulnerability exists in Windows DNS clients and Windows DNS servers, and could allow an attacker to "quickly and reliably spoof responses and insert records into the DNS server or client cache, thereby redirecting internet traffic", Microsoft warned.

All supported versions of Microsoft Windows 2000, Windows XP, Windows Server 2003 and Windows Server 2008 are affected by the flaw. Microsoft claims its security update addresses the vulnerabilities by using "strongly random" DNS transaction IDs, using random sockets for UDP queries, and updating the logic used to manage the DNS cache.

However, this flaw affects many more vendors. According to US-CERT vulnerability note 800113, vendors known to be vulnerable to this flaw include Cisco, the Internet Software Consortium, Juniper Networks, Microsoft, Nominum, Red Hat and Sun. Other potentially affected vendors include Akamai, Apple, Debian/GNU Linux, Fedora, FreeBSD, Gentoo, HP, IBM, Motorola, Nokia and Ubuntu.

Microsoft's July Patch Tuesday also included bulletin MS08-040, which addresses vulnerabilities in Microsoft SQL server. The flaws are page reuse, buffer overflow and memory corruption vulnerabilities, and affect SQL Server 7.0, SQL Server 2000, SQL Server 2005, Microsoft Data Engine (MSDE) 1.0, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine (WMSDE) and Windows Internal Database (WYukon).

Patch Tuesday also saw the release of bulletin MS08-038, which gave details of a saved-search vulnerability in Windows Explorer that affects multiple operating systems including Vista. Bulletin MS08-039 also gave details of cross-site scripting vulnerabilities in Outlook Web Access.

Topic: Operating Systems

Tom Espiner

About Tom Espiner

Tom is a technology reporter for He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


1 comment
Log in or register to join the discussion
  • KB951748 cripples PC's running Zonealarm

    This patch appears to have major side-effects on Windows running Zonealarm products - it basically disables internet access.

    Workarounds are currently available on the Zonelabs site, although Zonelabs and Microsoft are attempting to work on a more permanent solution.