As part of the most recent 2nd-Tuesday-of-the-month “Patch Tuesday” (July 8, 2008), Microsoft released patches for Windows 2000, Windows XP, Windows Server 2003 and Windows Server 2008. Windows Vista (both the 32- and 64-bit versions) is NOT affected. Windows 2000/XP users who are using ZoneAlarm could lose internet connectivity after applying the patch. Read ZoneAlarm’s press release about that here.

(This patch does require a reboot.)

For specific information, read Microsoft Security Bulletin MS08-037 and Knowledge Base Article 953230.

DNS (Domain Name System) translates “friendly” site names (like preparedpc.com) into the numeric addresses used by computers on the internet. The problem: a basic flaw in unpatched DNS installations allows malicious person(s) to, in effect, replace entire sections of the internet with bogus websites. How this could affect you: if you access the internet through an internet service provider’s (ISP) unpatched, “poisoned” DNS server, then even after typing in a correct website address (for example, your online banking site) you would be redirected to a “phishing” website that the malicious person(s) had designed to trick you into providing your username and password.

Security researcher Dan Kaminsky of IOActive.com discovered this serious problem and has quietly worked since March 2008 with many vendors and engineers to develop patches for this issue. Read his blog entry to get an idea of the many people who have been involved in addressing this problem. Mr. Kaminsky has made a tool available on his site to test the DNS server (not the DNS client on your local computer) for this flaw. To give vendors time to patch their DNS servers, Mr. Kaminsky is waiting until August 6, 2008 to release the technical details of this flaw.

Takeaway: While there have been no reports (yet) of malicious activity as a result of this flaw, the good news is that there are fixes available. As ISPs patch (or in some cases, replace) their DNS servers, make sure your own computers are patched in order to protect yourself.