Microsoft NT 4 Security Patch Flawed
- By Scott Bekker
- July 30, 2003
Microsoft on Tuesday acknowledged problems with a Windows NT 4.0 security patch that was first released on June 23.
Users running Windows NT 4.0 Server with the Routing and Remote Access Service (RRAS) enabled reported problems after installing patch MS03-029. Apparently after installing the patch and rebooting, RRAS would fail.
"It does not affect other non-RRAS functions, nor is there a problem with the actual fix for the security vulnerability itself," Microsoft wrote in an explanation now included in the security bulletin.
Customers who are directly affected can contact Microsoft Product Support Services for a hotfix, but the fixed patch won't be publicly released until Microsoft has tested it more thoroughly, the company said.
The occasion for the original patch was a denial-of-service vulnerability in a Windows NT 4.0 file management function. Microsoft originally gave the problem a "moderate" severity rating.
The security bulletin explaining the security vulnerability and the problems with the patch can be found here:
Scott Bekker is editor in chief of Redmond Channel Partner magazine.