The latest Microsoft software patch is crashing Windows 2000 machines, the company admitted yesterday. The problem is related to drivers in Nortel's VPN client or Compaq tape drives, but there could be more conflicts as yet undiscovered, the software giant warned.
Some systems that use the security update, MS04-011, stop responding when they start up, prevent users from logging on to Windows, or bog down, Microsoft said in an article on its Knowledge Base online help database.
The security patch was released on 13 April and fixes a number of holes in Windows, including problems with Windows implementation of Secure Sockets Layer (SSL), a protocol that is frequently used to secure communications between servers and clients on public networks and the Internet.
Included in the patch is a fix for a buffer overrun in the PCT protocol, which is part of Microsoft's SSL library. PCT is a protocol in that library that was developed by Microsoft and Visa to conduct encrypted communication on the Internet.
Shortly after Microsoft released that patch, malicious code that could be used to trigger the PCT buffer overflow and compromise Windows systems appeared on the Internet. In recent days, security companies warned of widespread attacks that use the exploit code, though the code hasn't yet been tied to a virus or Internet worm.
An attacker who could exploit the PCT hole could take complete control of affected systems, installing programs, viewing, modifying or deleting data or changing user access to the system, Microsoft said.
Since releasing the patch, Microsoft has encouraged customers to apply it as soon as possible. However, now it appears that the patch comes with its own problems. The Knowledge Base article said that a software change in the patch causes Windows 2000 systems to repeatedly try to load drivers that cannot load successfully, causing the hangups.
It lists three software drivers that, if installed, make Windows 2000 systems susceptible to the slowdowns. The Knowledge Base article also described specific problems and a workaround procedure for Windows systems that have Nortel's virtual private network client installed.
However, the company acknowledged that the slowdowns may occur with other combinations of drivers and services that don't load successfully. Microsoft said it is researching the slowdown problem and will release more information when it is available.
Faulty patches are a frequent source of concern for Microsoft, which encourages its customers to install security patches as soon as possible to protect Windows systems from attack. Network administrators, on the other hand, are often reluctant to move quickly with software updates, fearing that, once installed, they will break critical systems.