Microsoft has admitted to problems with a critical security update issued last week as part of its regular patching cycle.
The admission follows warnings from security researchers last week that exploit code to take advantage of at least six of the 21 security flaws tackled in the 12-patch release was already circulating on the internet.
Microsoft’s security response centre blog confirms an “issue we are tracking” relating to one of the 12 security updates, MS06-025, issued to fix a vulnerability in routing and remote access that could allow remote code execution.
In an entry posted to the blog, Microsoft’s security programme manager Stephen Toulouse says the problem is “very specifically related to dial up users that use dial up scripting”.
The technology is old and no longer widely used, Toulouse said. Users with dial up connections for internet or remote access services who do not use dial-up scripting or terminal windows “are unaffected”.
In an addition to its knowledge base, Microsoft said, “This issue may affect direct dial connections to a corporate or university network or to some ISPs [Internet Service Providers].”
The company was working on developing and testing a revision to the security update to address the issue, it said. Users who needed to use the dial-up scripting or terminal window features should not install the security update until a revised version is made available, Microsoft warned.