Microsoft re-releases botched Windows 2000 update
IDG News Service - Microsoft has re-released a buggy update that didn't properly protect some of its Windows 2000 users from a security flaw.
The MS10-025 security update, released on April 13, was for Windows 2000 users who were also running Windows Media Services. This software -- used to stream multimedia over the Internet -- had a buggy component called the Windows Media Unicast Service that could be exploited to run unauthorized software on the PC.
Unfortunately, Microsoft's initial patch didn't quite fix the problem, according to Microsoft Security Program Manager Jerry Bryant.
"There was an additional variant [of the bug] discovered internally after the initial report," he said Tuesday in an e-mail interview. "The update addressed that variant but not the originally reported issue. When we discovered this, we thought it was important to pull the update and let customers know that they were still in a vulnerable state if they had applied the update already."
Microsoft pulled the update late last week. On Tuesday, the company re-issued the patch with the underlying bug finally fixed.
Microsoft operating systems other than Windows 2000 are not affected by the flaw; neither are Windows 2000 systems in their default configurations. Users must have added on the Windows Media Services to be at risk.
For those customers, however, the update is rated critical by Microsoft because the flaw would not be hard for attackers to exploit.
"We have not seen any active attacks for this but we know that there is proof-of-concept code out there," Bryant said. "Customers with affected systems should install the update as soon as possible."
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts