Microsoft withdraws faulty server patch

Microsoft has withdrawn a patch to protect Windows 2000 and Windows NT servers against a denial-of-service vulnerability after...

Microsoft has withdrawn a patch to protect Windows 2000 and Windows NT servers against a denial-of-service vulnerability after users complained that it caused their systems to malfunction.

Microsoft's Web site offered no details on the problem but said that the patch would be available again shortly.

The patch was designed to fix a hole in the Remote Data Protocol (RDP) implementation in the terminal service in Windows NT 4.0 and Windows 2000. RDP is a communication protocol used by Windows terminal servers and clients.

By sending a particular series of data packets to an affected server, a malicious hacker could cause the server to fail, according to Microsoft.

Rebooting the server will restore it to normal activity, but any work in progress at the time of the attack would be lost. The company gave the vulnerability a "moderate" risk rating under its new severity rating system.

Microsoft urged users to install a patch available on its site to correct the problem. However, several users who downloaded the fix complained that it broke the service it was supposed to fix.

Russ Cooper, a moderator of the Windows NTBugtraq mailing list, said that within hours of the patch being released, his list received 34 complaints from users. Most said that the patch caused Windows Terminal Services to stop functioning, and in some cases it refused to let machines boot up to log on.

However, Cooper reported that most people who experienced problems were able to restore full functionality by simply uninstalling the patch.

"My understanding is that the patch that was available for download was not the one that was signed for release," Cooper said.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close