ZoneAlarm blocks internet access following Microsoft's DNS patch [Update]
Users of the ZoneAlarm personal firewall report that they can no longer access the internet after installing the current Microsoft patches. Complaints are piling up in a ZoneAlarm forum on the topic of access problems.
What apparently triggered the problem is the DNS patch. Before the patch, Windows sent its DNS queries from a constant UDP source port (or one chosen from a small range); after the patch a random source port is selected for each query. ZoneAlarm's rules were written against the old, predictable ports, so they do not recognise these queries and ZoneAlarm therefore blocks them.
Check Point, the vendor of ZoneAlarm, is apparently already aware of the problem and currently advises users to uninstall the Microsoft patch until a fix is available. The switch to randomly selected source ports was necessary because security researchers had shown that, with a predictable source port, an attacker only has to guess the 16-bit DNS transaction ID to get a forged response accepted and so manipulate name resolution. Uninstalling the patch restores exactly that exposure, so it should be treated as a stopgap only, not as a permanent configuration.
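To make the two effects of the change concrete, here is an added example (constructed for this article, not code from Microsoft or Check Point). It models a stub resolver before and after the patch, an outbound firewall rule keyed on the old fixed source ports next to a corrected stateful rule that tracks outstanding queries, and a blind spoofer that has to guess port and transaction ID. The legacy port pool, the ephemeral range and the rule logic are assumptions for illustration, not ZoneAlarm's real rule set.

```python
"""Model of the DNS source-port change and its two consequences:
a firewall rule keyed on the old fixed ports stops matching, and a
blind spoofer faces a far larger search space.  Constructed example."""
import random
from dataclasses import dataclass

DNS_PORT = 53
# Assumption: the unpatched resolver drew its source port from a small fixed pool.
LEGACY_PORT_POOL = range(1024, 1034)
# Assumption: the patched resolver draws from the full high ephemeral range.
EPHEMERAL_RANGE = range(49152, 65536)
TXID_SPACE = 1 << 16  # the DNS transaction ID is 16 bits


@dataclass(frozen=True)
class Udp:
    src_port: int
    dst_port: int
    txid: int


def resolver_query(randomize: bool, rng: random.Random) -> Udp:
    """Pick the source port the way the stub resolver does before/after the patch."""
    pool = EPHEMERAL_RANGE if randomize else LEGACY_PORT_POOL
    return Udp(rng.choice(pool), DNS_PORT, rng.randrange(TXID_SPACE))


def legacy_rule_allows(pkt: Udp) -> bool:
    """Outbound rule written against the old behaviour: DNS only from the fixed pool."""
    return pkt.dst_port == DNS_PORT and pkt.src_port in LEGACY_PORT_POOL


class StatefulDnsRule:
    """Corrected rule: any unprivileged source port may send to :53; a reply is
    accepted only if it answers an outstanding query (same port and transaction ID)."""

    def __init__(self) -> None:
        self.pending: set[tuple[int, int]] = set()

    def allow_query(self, pkt: Udp) -> bool:
        ok = pkt.dst_port == DNS_PORT and 1024 <= pkt.src_port <= 65535
        if ok:
            self.pending.add((pkt.src_port, pkt.txid))
        return ok

    def allow_reply(self, pkt: Udp) -> bool:
        key = (pkt.dst_port, pkt.txid)
        if pkt.src_port == DNS_PORT and key in self.pending:
            self.pending.discard(key)
            return True
        return False


def spoof_search_space(randomize: bool) -> int:
    """Number of (port, txid) combinations a blind attacker must cover."""
    ports = len(EPHEMERAL_RANGE) if randomize else len(LEGACY_PORT_POOL)
    return ports * TXID_SPACE


def forge_until_accepted(query: Udp, guessed_ports: range, budget: int):
    """Blind spoofer: sends replies from :53 to each guessed port with every txid,
    stopping when the stateful rule (standing in for the resolver's own check)
    accepts one.  Returns packets sent, or None if the budget runs out first."""
    rule = StatefulDnsRule()
    rule.allow_query(query)
    sent = 0
    for port in guessed_ports:
        for txid in range(TXID_SPACE):
            if sent >= budget:
                return None
            sent += 1
            if rule.allow_reply(Udp(DNS_PORT, port, txid)):
                return sent
    return None


if __name__ == "__main__":
    rng = random.Random(1)
    old, new = resolver_query(False, rng), resolver_query(True, rng)
    print("legacy rule, unpatched query:", legacy_rule_allows(old))
    print("legacy rule, patched query:  ", legacy_rule_allows(new))
    print("search space unpatched:", spoof_search_space(False))
    print("search space patched:  ", spoof_search_space(True))
```

Run stand-alone, the legacy rule accepts the unpatched query and rejects the patched one, which is the failure users saw. The search-space figures show why the patch matters: with the fixed pool an attacker who knows the port only has to cover the 65536 transaction IDs, whereas with random ports the same budget of forged packets barely scratches the ephemeral range.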
Update: Since this news item was published, the problem has been rectified. See the later news regarding Check Point's most recent update to ZoneAlarm.
- Massive DNS security problem endangers the internet, on heise Security news.