Users of the ZoneAlarm suite will need to patch it before applying Tuesday's Windows DNS patch.
A Windows patch designed to fix a security hole in the Internet's DNS resolution system left a swathe of customers without 'net access this Tuesday.
The issue was caused by a bizzare incompatibility between the patched Windows system files and the popular – if a little Fisher-Price – ZoneAlarm personal firewall package. Any users running ZoneAlarm and installing Microsoft's MS08-037 patch, released as part of the regular Patch Tuesday update cycle, will have found themselves cut off from the 'net after rebooting their systems.
According to CNet
has been created by CheckPoint Software, the company behind ZoneAlarm, which restores connectivity in affected systems. There's only one teeny
little snag – you have to download it.
Workarounds to ensure that you can grab the patch – aside from downloading it somewhere else – include switching ZoneAlarm from 'high' to 'medium' security, uninstalling the MS08-37 patch and then reinstalling again after updating ZoneAlarm, or temporarily switching to the built-in Windows firewall until the update is applied.
The Microsoft patch that prompted this issue, which only affects ZoneAlarm installations, was part of a massive effort on behalf of a large number of networking companies addressing a security flaw in the domain name resolution system used to turn friendly domain names into IP addresses. Before the hole was plugged, it was theoretically possible for a malicious individual to point browsers to fake websites without ever needing to compromise their PC and router. Thanks to the companies involved, including Microsoft, this issue has been resolved – albeit not without a few hiccoughs along the way.
Any ZoneAlarm users had a few issues since Tuesday and only now finding out why? Perhaps you're still
having issues – in which case you won't be able to read this? Does the fault for this problem lie with Microsoft for not testing the patch with a popular firewall package, or with CheckPoint for doing something weird with the Windows system files that no other firewall vendor does? Share your thoughts over in the forums