Microsoft fixes another faulty patch

A security patch Microsoft issued last week for the Windows NT 4.0 operating system is causing problems.

The patch, released on 23 July and described in Microsoft Security Bulletin MS03-029, causes the Routing and Remote Access Service (RRAS) on NT 4.0 machines to fail, Microsoft said.

MS03-029 patches a vulnerability in Windows NT 4.0's Server file management function that could make machines vulnerable to denial of service attacks.

RRAS allows remote users to securely connect to NT 4.0 systems over dialup or broadband internet connections.

More than 30 NT 4.0 users have reported problems after applying the patch since reports of the problem first surfaced on Friday, according to Russ Cooper, editor of the NTBugtraq mailing list.

These included error messages and problems trying to log on to affected systems.

Microsoft has updated its security bulletin and sent out an e-mail message confirming that the patch was flawed. Microsoft is investigating the problem and will issue a fix to correct it soon.

A loosely tested "hot fix" is available for companies that need an immediate fix for the problem. The company also noted that the patch is effective in guarding NT 4.0 systems against denial of service attacks, as intended.

Customers not using RRAS will encounter error messages after applying the patch, but other NT 4.0 functionality is not affected, Microsoft said.

While at least one affected NT 4.0 user encountered problems uninstalling MS03-029, most were able to do so without problems, Cooper said.

The incident is the latest example of a security patch gone awry. In April, Microsoft was forced to acknowledge and fix a problem with a patch for Windows XP that caused systems that applied the patch to slow down.

Paul Roberts writes for IDG News Service
