Microsoft withdraws faulty server patch

A patch released by Microsoft Corp. yesterday to protect Windows 2000 and Windows NT servers against a denial-of-service vulnerability has been withdrawn after users who installed it complained that it caused their systems to malfunction.

Microsoft's Web site offered no details on the problem but said that the patch would be available again shortly.

Microsoft officials couldn't be reached for comment by deadline.

The patch was designed to fix a hole in the Remote Data Protocol (RDP) implementation in the terminal service in Windows NT 4.0 and Windows 2000. RDP is a communication protocol used by Windows terminal servers and clients.

By sending a particular series of data packets to an affected server, a malicious hacker could cause the server to fail, according to Microsoft's advisory on the vulnerability.

Rebooting the server will restore it to normal, but any work in progress at the time of the attack would be lost, Microsoft cautioned. The company gave the vulnerability a "moderate" risk rating under a newly introduced severity rating system announced earlier this week.

In its advisory, Microsoft had urged users to install a patch available on its site to correct the problem. But several users who downloaded the hot fix complained that it broke the service it was supposed to fix, said Russ Cooper, a moderator of the popular Windows NTBugtraq mailing list and an analyst at TruSecure Corp., a Reston. Va.-based security firm.

By last night, the mailing list had received 34 complaints from users saying that the patch caused Windows Terminal Services to stop functioning and in some cases it refused to let machines boot up to log on.

However, most people who reported problems were able to restore full functionality by simply uninstalling the patch, Cooper said.

"My understanding is that the patch that was available for download was not the one that was signed for release" by Microsoft, Cooper said.

The vulnerability and patch incident comes less than two weeks after Microsoft introduced its new Strategic Technology Protection Program designed to make it easier for enterprises to secure, and keep secure, their Windows environments.

Very few Microsoft hot fixes have behaved in this manner, Cooper said.

But "clearly, a patch that breaks the service it was supposed to fix is not indicative of the new level of concern that Microsoft said it would put into its new program," Cooper said.

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jaikumar Vijayan

PC World
Show Comments

Essentials

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

GGG Evaluation Team

Michael Hargreaves

Windows 10 for Business / Dell XPS

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?