Microsoft has issued a series of four 'important' bulletins as part of its monthly patch cycle.
The updates linked to in Tuesday's bulletins include a patch for a potentially serious underlying DNS flaw.
The flaw, which was discovered by security researcher Dan Kaminsky, affects multiple vendors, including Cisco. The Microsoft products affected by the flaw are detailed in Microsoft Security Bulletin MS08-037. DNS spoofing involves making a DNS entry point to a different IP address.
The spoofing vulnerability exists in Windows DNS clients and Windows DNS servers, and could allow an attacker to "quickly and reliably spoof responses and insert records into the DNS server or client cache, thereby redirecting internet traffic", Microsoft warned.
All supported versions of Microsoft Windows 2000, Windows XP, Windows Server 2003 and Windows Server 2008 are affected by the flaw. Microsoft claims its security update addresses the vulnerabilities by using "strongly random" DNS transaction IDs, using random sockets for UDP queries, and updating the logic used to manage the DNS cache.
However, this flaw affects many more vendors. According to US-CERT vulnerability note 800113, vendors known to be vulnerable to this flaw include Cisco, the Internet Software Consortium, Juniper Networks, Microsoft, Nominum, Red Hat and Sun. Other potentially affected vendors include Akamai, Apple, Debian/GNU Linux, Fedora, FreeBSD, Gentoo, HP, IBM, Motorola, Nokia and Ubuntu.
Microsoft's July Patch Tuesday also included bulletin MS08-040, which addresses vulnerabilities in Microsoft SQL server. The flaws are page reuse, buffer overflow and memory corruption vulnerabilities, and affect SQL Server 7.0, SQL Server 2000, SQL Server 2005, Microsoft Data Engine (MSDE) 1.0, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine (WMSDE) and Windows Internal Database (WYukon).
Patch Tuesday also saw the release of bulletin MS08-038, which gave details of a saved-search vulnerability in Windows Explorer that affects multiple operating systems including Vista. Bulletin MS08-039 also gave details of cross-site scripting vulnerabilities in Outlook Web Access.
Talkback
This patch appears to have major side-effects on Windows running Zonealarm products - it basically disables internet access.
Workarounds are currently available on the Zonelabs site, although Zonelabs and Microsoft are attempting to work on a more permanent solution.
http://download.zonealarm.com/bin/free/pressReleases/2008/LossOfInternetAccessIssue.html