Microsoft withdraws faulty server patch

A patch released by Microsoft Corp. yesterday to protect Windows 2000 and Windows NT servers against a denial-of-service vulnerability has been withdrawn after users who installed it complained that it caused their systems to malfunction.

Microsoft's Web site offered no details on the problem but said that the patch would be available again shortly.

Microsoft officials couldn't be reached for comment by deadline.

The patch was designed to fix a hole in the Remote Data Protocol (RDP) implementation in the terminal service in Windows NT 4.0 and Windows 2000. RDP is a communication protocol used by Windows terminal servers and clients.

By sending a particular series of data packets to an affected server, a malicious hacker could cause the server to fail, according to Microsoft's advisory on the vulnerability.

Rebooting the server will restore it to normal, but any work in progress at the time of the attack would be lost, Microsoft cautioned. The company gave the vulnerability a "moderate" risk rating under a newly introduced severity rating system announced earlier this week.

In its advisory, Microsoft had urged users to install a patch available on its site to correct the problem. But several users who downloaded the hot fix complained that it broke the service it was supposed to fix, said Russ Cooper, a moderator of the popular Windows NTBugtraq mailing list and an analyst at TruSecure Corp., a Reston. Va.-based security firm.

By last night, the mailing list had received 34 complaints from users saying that the patch caused Windows Terminal Services to stop functioning and in some cases it refused to let machines boot up to log on.

However, most people who reported problems were able to restore full functionality by simply uninstalling the patch, Cooper said.

"My understanding is that the patch that was available for download was not the one that was signed for release" by Microsoft, Cooper said.

The vulnerability and patch incident comes less than two weeks after Microsoft introduced its new Strategic Technology Protection Program designed to make it easier for enterprises to secure, and keep secure, their Windows environments.

Very few Microsoft hot fixes have behaved in this manner, Cooper said.

But "clearly, a patch that breaks the service it was supposed to fix is not indicative of the new level of concern that Microsoft said it would put into its new program," Cooper said.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jaikumar Vijayan

PC World
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?