Microsoft has admitted that flaws in a critical security patch issued earlier this month could leave some users unprotected.
The patch issued as part of Microsoft’s regular security bulletin on 11 October aimed to tackle a bug in DirectShow that could allow hackers to take complete control of an affected system, install programs, delete data or create new accounts with full user rights.
But the software giant has now issued a notice warning that computers “may not be updated” after installing the patch, if they are both running Windows 2000 and have DirectX 8.0 or DirectX 9.0 installed.
The notice warned, “In this scenario the computer is still vulnerable to the issue that is described in Security Update MS05-050. Additionally, when this symptom occurs, you do not receive notification that the computer is not updated.”
Microsoft has now updated the original security bulletin, with a revised version.