As part of its Patch Tuesday update cycle, Microsoft just
released four patches, all labeled as important, for a set of vulnerabilities
reported last month.
The fundamental flaw found in the Domain Name System (DNS)
offers hackers the possibility of redirecting unsuspecting Web surfers to
alternate addresses and tampering with the DNS records of network providers. Even
though the dangers of DNS poisoning have been announced for quite some time, it
is only recently that several demonstrations of such an attack convinced the
company to begin work on a solution.
DNS converts Web addresses into numerical sequences (IP addresses),
which computers then use to route traffic across the
Internet.
Unfortunately, even though the patches were developed to fix
these problems, they created others: users of the popular ZoneAlarm
firewall found themselves unable to access the Internet after applying the
patch. Users reported the issue, but so far there is no clear way of
dealing with it.
ZoneAlarm recommends that all users encountering this problem
uninstall the patch and wait for the bug to be handled.
The other three patches take care of some vulnerabilities
found in Exchange Server and SQL Server, as well as some bugs in Windows Explorer.
The issues found in Windows Explorer can provide hackers with the means to
install malware on vulnerable systems running Windows Vista.
Apart from Microsoft Corp.’s efforts, Cisco Systems Inc. and
Sun Microsystems Inc. also released several software patches on Tuesday for
their users, significantly boosting the Internet access protection level.
"This is the largest synchronized security upgrade in
the history of the Internet," said a statement from the Computer Security
Response Team, or CERT, a division of Homeland Security. "An attacker
could easily take over portions of the Internet and redirect users to arbitrary
and malicious locations."
The flaw was discovered by accident several months ago,
and a specially assembled team of researchers from all the companies
involved worked assiduously to develop the security patches released
simultaneously on Tuesday.
It is believed that hackers had not exploited the flaw before
the fix, and the companies strongly advise all users to install
the patches quickly to be sure that their systems are safe. Normally, computers
should get the patch through automatic updates, but in cases
where the user’s confirmation is required for such activities, researchers
encourage people not to neglect the matter and to accept the system’s update.
Many of the technical details will remain unavailable for
another month or so, to give companies sufficient time to update
their systems without the worry of hackers attempting to unpick the patch.
"This hasn't been done before and it is a massive
undertaking," said security expert Dan Kaminsky, as quoted by BBC News. He
also added that people should indeed be concerned about the issue but not panic
about it, as it has been identified and handled in good time.