A glitch in Microsoft's latest security updates is proving to be a headache for sysadmins.

One update appears to be changing the status of software updates that had been previously approved by administrators who use Software Update Services (SUS), according to Microsoft.

"If you synchronise your server after 12 December 2005, all previously approved updates may be unapproved and the status may appear as 'updated'," Microsoft warned in a note late yesterday.

SUS is used by Microsoft admins to gain more control over which software patches get installed on their network. When a patch has been tested and determined to be appropriate for installation, it can be marked as "approved" and then automatically installed on the PCs being managed by the service.

The latest updates appear to have overwritten a file that is used to keep track of approved updates, said Russ Cooper, a scientist at security vendor Cybertrust.

Microsoft's note lists a number of work-arounds for this issue, but the simplest solution is to simply restore this file, called Approveditems.txt, from a backup copy, Cooper said. "This shouldn't be a big problem for anybody because you're backing up that text file, aren't you?" he said. "But if you're not, be prepared to do a bunch of clicking."

Microsoft plans to release a script that will reset these settings to a previous state, the company said.