It’s been a bumpy week for Microsoft-related security issues as the company found itself dealing with broken fixes and a new zero-day exploit. On the plus side, the software giant was at least able to address a problem in its patch distribution service.
This week’s Patch Tuesday consisted of four bulletins with eight fixes, none of which was rated critical, the most important category of fix, so users had the luxury of waiting a few days before installing.
Those who did install and used ZoneAlarm found their Internet access was gone. ZoneAlarm is a third-party security system that includes a firewall and a check of incoming and outgoing traffic. Once MS08-037, a fix for vulnerabilities in the Windows Domain Name System (DNS) that could allow for domain spoofing, was installed, ZoneAlarm would block Internet access.
Complaints began to appear on Broadband Reports and other techie sites. The problem applies to all ZoneAlarm products – the Free, Pro, AntiVirus, Anti-Spyware and Security Suite editions – which are all based on ZoneAlarm technology.
Check Point Software Technologies, maker of ZoneAlarm, posted three suggestions to fix the problem: set the firewall to medium security, uninstall the patch, or add your DNS servers to the trusted zone of the application.
A common strategy among malware writers is to wait until Patch Tuesday to see what Microsoft fixes. If Microsoft doesn’t fix a vulnerability they’ve found, they unleash their malware, knowing they are likely to have a month of free rein before the fix comes out, since Microsoft rarely issues out-of-band fixes unless the problems are severe.
Unleashing a payload of malware
So it was with a Word zero-day exploit. When the hole wasn’t plugged this past Tuesday, the malware writers unleashed their payload. Fortunately, the issue is limited to just one version of the Microsoft word processor, Word 2002 (from Office XP) Service Pack 3. A specially crafted Word file could gain full access to the computer, meaning it would have as much control over the computer as a local user sitting at the keyboard.
Anti-virus vendor BitDefender was one of the first to identify the problem, as was Symantec’s Security Response team. Microsoft has also acknowledged the problem. Until a fix is issued, the old rules of common sense apply: don’t open an e-mail attachment from an unknown source.
The one thing that is going Microsoft’s way is that it fixed a problem with Windows Server Update Services (WSUS) versions 3.0 and 3.0 Service Pack 1. WSUS is like Windows Update, only it is used inside a company so employees get fixes and patches from their internal server rather than Microsoft.com.
Under specific conditions, which included having Microsoft Office 2003 installed, WSUS would not let clients detect any updates from a WSUS server. Microsoft has issued a fix that should allow for proper distribution of fixes.