Microsoft Patch Problematic for Some, Security Firm Says

Some users are apparently running into problems with a Microsoft patch issued earlier this week to fix a critical hole in the Windows 2000 operating system, according to an alert posted on the SANS Internet Storm Center (ISC) Web site Friday.

The patch in question is detailed in Microsoft Security Bulletin MS05-051 and is designed to address a total of four separate vulnerabilities--two of which are rated as "critical" by Microsoft.

One of the critical flaws involves a Windows 2000 component called the Microsoft Distributed Transaction Coordinator (MSDTC) that runs by default and is used to manage database, messaging, and file system transactions. The other critical flaw detailed in the same bulletin exists in the Component Object Model (COM+) service built into Windows 2000 to handle resource management tasks. The flaws exist in multiple Windows versions but were rated as critical for Windows 2000 and Windows XP Service Pack 1.

Both flaws were considered particularly dangerous by security experts because they allow attackers to take complete control of vulnerable systems and require no user interaction to be exploited. They are also similar to the vulnerability in a plug-and-play component of Windows 2000 that the creators of the Zotob worm and its variants took advantage of in August to create havoc for some large companies.

Complaints Received

Johannes Ullrich, chief technology officer at the ISC, said the organization has so far received over two dozen reports from people saying they had run into a variety of problems when attempting to install the patch associated with MS05-051.

The reported difficulties listed on the ISC site include an inability to use the Search tool in the operating system's Start menu, a blank screen upon log-in to the Windows Update site, and disruption of both Symantec's LiveUpdate virus-updating tool and the SpySweeper antispyware product from Webroot.

"These are the sort of problems that we typically see when patches don't cooperate well with various third-party software and some of the less used functions of Windows," Ullrich said. "At this point, the problems with Symantec LiveUpdate and SpySweeper are the most severe," he said.

He added that the headaches reported so far appear to be "very user-dependent," with no clear indication yet of why some users are reporting difficulties with certain functions and software while others aren't. The size and complexity of this month's patches--Microsoft released nine updates fixing a total of 14 vulnerabilities this week--could be one reason for the problems, Ullrich said.

Troubleshooting

In an e-mailed statement, Microsoft said it is aware of reports of "isolated deployment issues with security update MS05-051, and is working with the limited amount of customers affected to help resolve the issue." The company has also posted a Knowledge Base article online with more information about the issue.

A Symantec spokesman said his company's Quality Assurance team is aware of the reports and is trying to replicate the glitches. "They have not been able to replicate any of the problems up to this point," he said. "We have not seen any problems up to now that point to this patch."

Reports of the patch problems come amid growing concerns of a worm outbreak targeted at the MSDTC and COM+ vulnerabilities. Fueling those concerns was the development of an exploit earlier this week that takes advantage of both of the flaws.

This story, "Microsoft Patch Problematic for Some, Security Firm Says" was originally published by Computerworld.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Shop Tech Products at Amazon