MS Confirms Win2K Worm Hole Patch Is Buggy
By Ryan Naraine
October 14, 2005
Microsoft Corp.'s patch for a worm-vulnerable security flaw in the Windows 2000 operating system is causing problems for some users.
The software giant late Friday confirmed several "isolated deployment issues" with the MS05-051 update, but insisted that the problems should not stop anyone from applying the critical patch.
Word of problems with the patch comes at the worst possible time for officials at the MSRC (Microsoft Security Response Center), the Redmond unit that has preached the "patch-now-or-else" gospel since the update shipped earlier this week.
With proof-of-concept exploits circulating and experts predicting that a network worm attack may be on the cards, enterprise IT administrators testing the patch are now dealing with a new round of headaches that could delay overall deployment efforts.
A Microsoft spokesperson told Ziff Davis Internet News the company is working with a "limited amount of customers" affected by the buggy patch, but stressed that all customers should still treat MS05-051 as a high-priority update.
Late Friday, Microsoft published Knowledge Base article 909444 with workarounds for Windows XP, Windows 2000 Server and Windows Server 2003 customers with the patch deployment problems.
Customers have reported that the Windows Installer service and the Windows Firewall Service did not start after the patch was deployed.
Microsoft also confirmed that the patch could cause the Network Connections folder to be empty or the Windows Update Web site to incorrectly recommend that patched computers change the Userdata persistence setting in Internet Explorer.
Other confirmed problems include:
ASP (Active Server Pages) pages that are running on Microsoft ISS (Internet Information Services) return an "HTTP 500 – Internal Server Error" error message.
The Microsoft COM+ EventSystem service will not start.
COM+ applications will not start.
The computers node in the Microsoft Component Services MMC (Microsoft Management Console) tree will not expand.
Authenticated users cannot log on, and a blank screen appears after the users apply the October Security Updates.
The MSRC also posted a Weblog entry to acknowledge the problems and noted that these only occurred in cases where the default permissions on the COM+ catalog directory and files had been changed from the default settings.
"This situation is fairly limited in the number of customers who have reported it, but we wanted to make sure people were aware we had guidance on it. We're still keeping an eye out for public exploit code for MS05-051 and have not seen any as yet. We'll be watching through the weekend, so if anything changes that you need to know about we'll update you," MSRC operations manager Mike Reavey said