Microsoft withdraws faulty server patch

A patch released by Microsoft Corp. yesterday to protect Windows 2000 and Windows NT servers against a denial-of-service vulnerability has been withdrawn after users who installed it complained that it caused their systems to malfunction.

Microsoft's Web site offered no details on the problem but said that the patch would be available again shortly.

Microsoft officials couldn't be reached for comment by deadline.

The patch was designed to fix a hole in the Remote Data Protocol (RDP) implementation in the terminal service in Windows NT 4.0 and Windows 2000. RDP is a communication protocol used by Windows terminal servers and clients.

By sending a particular series of data packets to an affected server, a malicious hacker could cause the server to fail, according to Microsoft's advisory on the vulnerability.

Rebooting the server will restore it to normal, but any work in progress at the time of the attack would be lost, Microsoft cautioned. The company gave the vulnerability a "moderate" risk rating under a newly introduced severity rating system announced earlier this week.

In its advisory, Microsoft had urged users to install a patch available on its site to correct the problem. But several users who downloaded the hot fix complained that it broke the service it was supposed to fix, said Russ Cooper, a moderator of the popular Windows NTBugtraq mailing list and an analyst at TruSecure Corp., a Reston. Va.-based security firm.

By last night, the mailing list had received 34 complaints from users saying that the patch caused Windows Terminal Services to stop functioning and in some cases it refused to let machines boot up to log on.

However, most people who reported problems were able to restore full functionality by simply uninstalling the patch, Cooper said.

"My understanding is that the patch that was available for download was not the one that was signed for release" by Microsoft, Cooper said.

The vulnerability and patch incident comes less than two weeks after Microsoft introduced its new Strategic Technology Protection Program designed to make it easier for enterprises to secure, and keep secure, their Windows environments.

Very few Microsoft hot fixes have behaved in this manner, Cooper said.

But "clearly, a patch that breaks the service it was supposed to fix is not indicative of the new level of concern that Microsoft said it would put into its new program," Cooper said.

Join the newsletter!

Error: Please check your email address.

More about MicrosoftTruSecure

Show Comments

Market Place