[dns-operations] FYI: Problems with Windows and the patch for VU#800113

Ben Scott mailvortex at gmail.com
Thu Jul 17 19:53:16 UTC 2008


FYI,

  I'm seeing rumblings on other lists/forms about issues with the
Microsoft MS08-037 update, which is intended to address the CERT
VU#800113 DNS spoofing/source port randomness vulnerability that
everyone's been talking about.  Specifically, it appears that many
things react badly when Microsoft's DNS software starts using random
ports rather than a single port.  That includes stuff that ships with
Windows itself.  In particular, it appears Windows Small Business
Server has some registry entries configured which conflict with what
the MS08-037 update does, and Microsoft hasn't figured out why those
registry entries are there in the first place.

  It would not surprise me to see deployment of these updates
curtailed by the IT community, and/or by Microsoft itself, until the
issues get sorted out.  Determination about if/how that might impact
you is up to you.

  Software/components I've seen specifically mentioned so far includes:

Microsoft Windows Active Directory Domain Controllers and Group Policy
Microsoft Windows Small Business Server [Windows + Exchange + SQL bundle]
Microsoft Windows IPsec service [VPN]
Microsoft Windows IAS service [RADIUS]
Microsoft Windows L2TP service [VPN]
Microsoft ActiveSync [mobile phone wireless sync software]
ZoneAlarm [firewall]
AVG Internet Security [firewall]

  The Windows Patch Management mailing list I'm on has the most info so far:

http://marc.info/?l=patchmanagement

  In particular:

http://marc.info/?l=patchmanagement&m=121632154701775&w=2

http://marc.info/?l=patchmanagement&m=121632162501913&w=2

-- Ben



More information about the dns-operations mailing list