Microsoft acknowledged Tuesday that a recent security patch is causing problems on machines running the Windows NT 4.0 operating system.
The patch, released July 23 and described in Microsoft Security Bulletin MS03-029, causes the Routing and Remote Access Service (RRAS) on NT 4.0 machines to fail, Microsoft said.
MS03-029 patches a vulnerability in Windows NT 4.0's Server file management function. That vulnerability could make machines running NT 4.0 vulnerable to denial of service attacks, Microsoft said.
However, Microsoft customers described a variety of problems immediately after downloading and installing the patch on vulnerable systems, including error messages and problems trying to log on to affected systems.
RRAS allows remote users to securely connect to NT 4.0 systems over dialup or broadband Internet connections.
More than 30 NT 4.0 users reported problems after applying the patch since reports of the problem surfaced on Friday, according to Russ Cooper, editor of the NTBugtraq mailing list.
Initially silent, Microsoft updated its Security Bulletin on Tuesday and sent out an e-mail message confirming that the patch was flawed. Microsoft is investigating the problem and will issue a fix to correct it soon, the company said.
A loosely tested "hot fix" is available for companies that need an immediate fix for the problem, Microsoft said. The company also noted that the patch is effective in guarding NT 4.0 systems against denial of service attacks, as intended.
Customers not using RRAS will encounter error messages after applying the patch, but other NT 4.0 functionality is not affected, Microsoft said.
While at least one affected NT 4.0 user encountered problems uninstalling MS03-029, most were able to do so without problems, restoring RRAS service that way, Cooper said.
The incident is the latest example of a security patch gone awry. In April, Microsoft was forced to acknowledge and fix a problem with a patch for Windows XP that caused slow downs on systems that applied the patch.