Microsoft withdraws faulty server patch

A patch released by Microsoft Corp. yesterday to protect Windows 2000 and Windows NT servers against a denial-of-service vulnerability has been withdrawn after users who installed it complained that it caused their systems to malfunction.

Microsoft's Web site offered no details on the problem but said that the patch would be available again shortly.

Microsoft officials couldn't be reached for comment by deadline.

The patch was designed to fix a hole in the Remote Data Protocol (RDP) implementation in the terminal service in Windows NT 4.0 and Windows 2000. RDP is a communication protocol used by Windows terminal servers and clients.

By sending a particular series of data packets to an affected server, a malicious hacker could cause the server to fail, according to Microsoft's advisory on the vulnerability.

Rebooting the server will restore it to normal, but any work in progress at the time of the attack would be lost, Microsoft cautioned. The company gave the vulnerability a "moderate" risk rating under a newly introduced severity rating system announced earlier this week.

In its advisory, Microsoft had urged users to install a patch available on its site to correct the problem. But several users who downloaded the hot fix complained that it broke the service it was supposed to fix, said Russ Cooper, a moderator of the popular Windows NTBugtraq mailing list and an analyst at TruSecure Corp., a Reston. Va.-based security firm.

By last night, the mailing list had received 34 complaints from users saying that the patch caused Windows Terminal Services to stop functioning and in some cases it refused to let machines boot up to log on.

However, most people who reported problems were able to restore full functionality by simply uninstalling the patch, Cooper said.

"My understanding is that the patch that was available for download was not the one that was signed for release" by Microsoft, Cooper said.

The vulnerability and patch incident comes less than two weeks after Microsoft introduced its new Strategic Technology Protection Program designed to make it easier for enterprises to secure, and keep secure, their Windows environments.

Very few Microsoft hot fixes have behaved in this manner, Cooper said.

But "clearly, a patch that breaks the service it was supposed to fix is not indicative of the new level of concern that Microsoft said it would put into its new program," Cooper said.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jaikumar Vijayan

PC World
Show Comments

Father’s Day Gift Guide

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?