Faulty Microsoft security patch leaves users unprotected

Microsoft has admitted there is a problem with one the security patches it issued this week as part of its monthly patching cycle. The fault means some users will have to install the patch again, to make sure they are fully protected.

The affected patch number is MS06-007, which is designed to fix a TCP/IP vulnerability in several versions of Windows, which could allow a denial-of-service attack.

Microsoft labelled the patch as “important” rather than critical, and said that users should install it as soon as possible. It was one of seven patches issued by the company this week, two of them being labelled as critical.

Soon after the release of MS06-007, Microsoft discovered a problem for users who tried to install it through the Automatic Updates, Windows Update, Windows Server Update Services (WSUS), and Systems Management Server 2003 distribution channels, when used with the Inventory Tool for Microsoft Updates (ITMU).

Customers using Automatic Updates won’t have to take any action because the patch will install properly with their next scheduled update.

A number of other users using different update systems will now have to install the patch again, said Microsoft.