Another faulty Patch from Microsoft

Discussion in 'other security issues & news' started by Antarctica, Jul 30, 2003.

Thread Status:
Not open for further replies.
  1. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,620
    Location:
    Canada
    This time for Windows NT


    Microsoft Fixing Another Faulty Patch

    Users experiencing log-on problems after applying security fix.

    Paul Roberts, IDG News Service
    Wednesday, July 30, 2003

    Microsoft acknowledged Tuesday that a recent security patch is causing problems on machines running the Windows NT 4.0 operating system.


    Advertisement




    The patch, released July 23 and described in Microsoft Security Bulletin MS03-029, causes the Routing and Remote Access Service (RRAS) on NT 4.0 machines to fail, Microsoft said.

    MS03-029 patches a vulnerability in Windows NT 4.0's Server file management function. That vulnerability could make machines running NT 4.0 vulnerable to denial of service attacks, Microsoft said.

    Instant Errors
    However, Microsoft customers described a variety of problems immediately after downloading and installing the patch on vulnerable systems, including error messages and problems trying to log on to affected systems.

    RRAS allows remote users to securely connect to NT 4.0 systems over dialup or broadband Internet connections.

    More than 30 NT 4.0 users reported problems after applying the patch since reports of the problem surfaced on Friday, according to Russ Cooper, editor of the NTBugtraq mailing list.

    Under Investigation
    Initially silent, Microsoft updated its Security Bulletin on Tuesday and sent out an e-mail message confirming that the patch was flawed. Microsoft is investigating the problem and will issue a fix to correct it soon, the Redmond, Washington, company said.

    A loosely tested "hot fix" is available for companies that need an immediate fix for the problem, Microsoft said. The company also noted that the patch is effective in guarding NT 4.0 systems against denial of service attacks, as intended.

    Customers not using RRAS will encounter error messages after applying the patch, but other NT 4.0 functionality is not affected, Microsoft said.

    While at least one affected NT 4.0 user encountered problems uninstalling MS03-029, most were able to do so without problems, restoring RRAS service that way, Cooper said.

    The incident is the latest example of a security patch gone awry. In April, Microsoft was forced to acknowledge and fix a problem with a patch for Windows XP that caused slow downs on systems that applied the patch.
     
  2. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    Well, this is not the first time i mention it, but will repeat myself :
    DO NOT install any Mickey$soft patch until the patch to fix the patch is issued ;)
     
  3. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,620
    Location:
    Canada
    Hi MickeyTheMan,

    Your'e absolutly right. That's why usually I always wait two weeks before installing a Patch from Mickey$$Soft. :)
     
Loading...
Thread Status:
Not open for further replies.