MS update KB951748 and ZoneAlarm --- PROBLEM

winchester73 · July 08, 2008, 08:29:26 PM

For those of you using ZoneAlarm who installed the windows updates today, you probably already know that your internet connection has died. It appears that KB951748 made changes to the networking files that ZA doesn't see/recognize.

After two hours of messing around, I found an inelegant solution that will work temporarily ... set the Internet Zone Security permission slider from high to medium. The connection will be restored.

I discovered this after I finally figured out ZA was blocking my internet connections, and turned it off. Once everything worked again as normal, I started playing around and hit on this lowered permission setting.

I imagine the ZA forum will be full of better solutions, but thought this would get you back up and running in the short term.

winchester73 · July 08, 2008, 08:59:14 PM

Discussion here: http://www.dslreports.com/forum/r20759839-MS-update-KB951748-and-ZoneAlarm-PROBLEM

Personally, I'm not uninstalling/reinstalling ZA as suggested, nor am I wiping out all of my custom settings. For now, since I am hiding behind a router, I'll leave the Medium setting in place and await some sort of resolution after people have had a chance to think about it (without reacting first).

Eric the Red · July 08, 2008, 09:23:53 PM

Please note, this update is not applicable to the following so should not appear on Auto Update:

Windows Vista and Windows Vista Service Pack 1

Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1

Windows Server 2008 for Itanium-based Systems.

dickw · July 08, 2008, 09:47:07 PM

Greetings all,

I have just completed on this PC downloading and installing

Update for Windows XP (KB951978)
Security Update for Windows XP (KB951978)
Windows Malicious Software Removal Tool (KB890830)

Rebooted, with no problems at all. I did check before doing so that my Zone Alarm Firewall was/is running on Medium so perhaps that is why I had no trouble. :thumbsup:

sigma · July 09, 2008, 09:40:12 AM

Who's been a busy bee?

I saw your post at DSL reports when I became aware of reports of the problem. I hope you don't mind my further broadcasting your recommendation and linking to that post.

Many thanks... :goodie:

Corrine · July 09, 2008, 12:34:04 PM

With further regard to the referenced Microsoft Update, KB 951748, it is an extremely important update and definitely should be installed. Unless you elect to replace ZA with another firewall, Winchester's work around is recommended.

See Heise Security: Massive DNS security problem endangers the internet

Also from Heise Security: Microsoft patch day: nine plugged, two open

QuoteThis update appears to relate to the massive DNS security problems affecting multiple vendors. Amongst other things the patch ensures that the selection of the UDP source port for DNS queries is random. This may lead to problems with restrictive personal firewall configurations which rely on DNS queries always coming from the same port, resulting in users being disconnected from the internet. An allow rule, allowing UDP packets from arbitrary ports to UDP port 53 of the ISP's DNS server and the associated responses, is a possible workaround.

The problem with Zone Alarm appears to be that it does not see the changes and continues to use the previously known files, ignoring the newer files provided in the update.

winchester73 · July 09, 2008, 01:33:25 PM

Yeah ... quite frightening read here: http://www.breitbart.com/article.php?id=080709124916.zxdxcmkx&show_article=1

Ripley · July 09, 2008, 03:23:21 PM

Playing catchup with this topic:

XPSP2, ZA free, behind a router, and have not installed KB 951748 yet, thankfully.

Just skimmed through the DSL thread, haven't had time to get to the ZA forum.

Right now I am still trying to get my head around what I *thought* I recall in the MS advance notice bulletin that this KB 951748 update was labeled as "important" not "critical," in regards to what I am reading about this massive DNS security "problem" reported in the Heise article.

Will have more time tonight to check back to sort our my choices for a work around.

Corrine · July 09, 2008, 06:50:30 PM

Ripley, if I had Windows XP and ZA, I would follow Winchester's advice.

Corrine · July 09, 2008, 09:27:39 PM

From Newsgroups: microsoft.public.windowsupdate

QuoteCarl MSFT    7/9/2008 12:54 PM PST

   We (Microsoft) are aware of an issue that is affecting the ability of Zone
Alarm customers to access the Internet after the installation of the MS08-037
(KB951748) Security Update released on July 9th.

Both Microsoft and Zone Alarm are actively working on the issue. For further
help in resolving the issue, we suggest you contact Zone Alarm customer
service at 1-877-966-5221 (within North America), +1 415 633 4588 (outside
the United States), or by faxing to +1 415 633 4589.

The Zone Alarm website states that technical support is available for a fee
by calling 877-365-ZONE (9663). If you have another means of accessing the
Internet, the Zone Alarm website (www.zonealarm.com) has some recommended
workarounds.

One of the temporary workarounds that is mentioned on the Zone Alarm website
is to change the Zone Alarm Personal Firewall to a setting of "Medium"
protection. The Zone Alarm site says that it does not recommend this option,
as it may reduce your security level. Microsoft also does not recommend this
workaround, but it may temporarily allow Internet access.

Ripley · July 10, 2008, 12:18:04 AM

Having alittle more time to read through all this here, at broadbandreports (link above), and giving up over at ZA forums, who are swamped with multiple threads, it made more sense to me to install KB 951748 and make the reasonable temp workaround in ZA.
Had I not been behind a router, I don't know if I'd make a choice to reduce the security level of my firewall however.

As best I can understand this DNS issue, and the "coordinated" effort of those vendors, including MS to issue these patches, it seems that having the KB 951748 goes beyond "important."

Was sooo appreciative that Winchester73 took the time to futz with the possible workarounds and report it. Better you than me around firewalls and troubleshooting connection issues.

These are the type of "experiences" that get reported online that cause people to disregard or ignore certain OS security updates beyond the time of fixes or alternatives, and actually leave themselves in a more vulnerable position in the long run it seems.

Once again Winchester73, thank you for the heads up...twas "hearing" violins playing hero cowboy music all day today :lol:

winchester73 · July 10, 2008, 12:27:58 AM

:hug:

I've tried multiple workarounds today. So far the only thing that seems to work reasonably is to have the slider set the Medium. Since you are following the DSLR thread, you know that ZA has changed their press release ... from the last and worst option being to set the slider, to that now being option 1. There are some changes in my router that I'm investigating ... so far nothing firmware related. At this point, I think it is up to ZA to fix this issue. I think Microsoft has done what needs to be done regarding this security flaw. Since no firewalls other than ZA seem to be affected by the update, I think the problem is theirs.

Ripley · July 10, 2008, 12:38:45 AM

Quote from: Winchester73Since you are following the DSLR thread, you know that ZA has changed their press release ... from the last and worst option being to set the slider, to that now being option 1.

Yes, saw that. You might end up with a job offer coming your way :lol:

Quote from: Winchester73At this point, I think it is up to ZA to fix this issue. I think Microsoft has done what needs to be done regarding this security flaw.

That's what my grey matter came up with as well.
As I stated above, it makes more sense to make this MS update the priority, or get another firewall. I'll be watching Checkpoint's response.

Ripley · July 10, 2008, 01:49:04 AM

For those ZA people following, the Checkpoint/ZA press release page we are discussing is here

As of the time of this post, there is a version update for the paid version:

QuoteRecommended Actions -

Download and install latest versions here:
# ZoneAlarm Internet Security Suite
# Come back here for other product versions to be released soon - or follow the directions below.

I am using a free version, so have no further info on whether it works.

Eric the Red · July 10, 2008, 06:45:39 AM

Ripley,

Check back on that ZA page, it has been updated and now includes a solution for ZA Free.