DNS name resolution issues after installation of Windows Update discussed in bulletin MS08-037

We have been hearing of an issue since the recent release of an update to address a DNS spoofing vulnerability, MS08-037, discussed in KB951748.  After application of the update, affected systems can experience problems with applications that rely on DNS name resolution.  For example, a user on an affected system would not be able to browse the Internet.

The cases we have seen so far have involve ZoneAlarm software and Check Point Endpoint Security (previously named Check Point Integrity). 

There are updates available for the ZoneAlarm products affected as well as interim workarounds posted at the following link at the ZoneAlarm site:

Workaround to Sudden Loss of Internet Access Problem

Check Point has updates available for its Endpoint Security and Integrity products as well.  These updates and additional information may be found at this link:

Installing Microsoft security update for Windows (KB951748) might prevent Secure Access, Endpoint Security (Integrity) and ZoneAlarm users from accessing the Internet

We recommend updating the Check Point or ZoneAlarm software to correct the problem.  We do not recommend not installing or uninstalling the update described in security bulletin MS08-037.  Please read the bulletin to learn more about this vulnerability:

Microsoft Security Bulletin MS08-037 – Important

More information about the vulnerabilities corrected in this update may be found here:



Security Vulnerability Research & Defense – MS-08-037: More entropy for the DNS resolver

– Mike Platts