April 29, 2004
(IDG News Service)
Microsoft Corp. said yesterday that a recently released software patch for its Windows operating system is causing some Windows 2000 machines to stop responding after it is installed.
Some systems that use security update MS04-011 stop responding when they start up, prevent users from logging onto Windows or bog down, Microsoft said in an article in its Knowledge Base online help database.
The security patch was released April 13 and fixes a number of holes in Windows, including problems with the Windows implementation of Secure Sockets Layer, a protocol that's frequently used to secure communications between servers and clients on public networks and the Internet (see story).
Included in the patch is a fix for a buffer overrun in the Private Communications Transport (PCT) protocol, which is part of Microsoft's SSL library. The SSL library was developed by Microsoft and Visa International Inc. to conduct encrypted communication on the Internet, Microsoft said.
Shortly after Microsoft released the patch, malicious code that could be used to trigger the PCT buffer overflow and compromise Windows systems appeared on the Internet. In recent days, security companies warned of widespread attacks that use the exploit code, though the code hasn't yet been tied to a virus or an Internet worm.
An attacker who could exploit the PCT hole could take complete control of affected systems, installing programs, viewing, modifying or deleting data or changing user access to the system, Microsoft said.
Since releasing the patch, Microsoft has encouraged customers to apply it as soon as possible. However, now it appears that the patch comes with its own problems.
Microsoft's Knowledge Base article said a software change in the patch causes Windows 2000 systems to repeatedly try to load drivers that can't load successfully, causing the hang-ups.
The company listed three software drivers that, if installed, make Windows 2000 systems susceptible to the slowdowns. The Knowledge Base article also describes specific problems and a work-around procedure for Windows systems that have Nortel Networks Ltd.'s virtual private network client installed.
However, the company acknowledged that the slowdowns may occur with other combinations of drivers and services that don't load successfully.
Microsoft said it is researching the slowdown problem and will release more information when it is available.
Faulty patches are a frequent source of concern for Microsoft, which encourages its customers to install security patches as soon as possible to protect Windows systems from attack. Network administrators, on the other hand, are often reluctant to move quickly with software updates, fearing that once installed, they will break critical systems.