Microsoft Admits Problem with Blockbuster Patch
- By Scott Bekker
- April 29, 2004
Microsoft on Wednesday night acknowledged that its massive April 13 security patch
was causing serious problems in some Windows 2000 systems.
The company issued a Knowledge Base Article (841382) on the issue Wednesday with the lengthy title: "Your computer stops responding, you cannot log on to Windows, or your CPU usage for the System process approaches 100 percent after you install the security update that is described in Microsoft Security Bulletin MS04-011."
Some users who installed the bulletin had their systems appear to stop responding at startup, could not log on to Windows or saw CPU usage for System processes approach 100 percent.
Microsoft blamed the problem on an issue in the patch that causes Windows 2000 to try repeatedly to load drivers that will not load. Microsoft said the issue arises if any of these three drivers are installed: Ipsecw2k.sys, Imcide.sys and Dlttape.sys. "For example, Microsoft has confirmed that this problem occurs if you have the Nortel Networks VPN client installed and if the IPSec Policy Agent is set to Manual or Automatic for the startup type," the KB article states.
The Windows 2000 installation problems have presented a Catch 22 for users, who have been trying to heed dire warnings from Microsoft and others about exploit code and worms being developed for some of the 14 vulnerabilities fixed by the patch.
Microsoft's KB article provided a workaround for users with the Nortel Networks VPN client. But the document admits that the problem may occur if other drivers or services do not load successfully. "Microsoft is researching this problem and will post more information in this article when the information becomes available," according to the KB article.
Security bulletin MS04-011 contained fixes for 14 vulnerabilities. Five of those vulnerabilities were rated as "critical" problems for Windows 2000 systems. MS04-011 was one of four security bulletins released by Microsoft on April 13. In all, the four bulletins patched 20 distinct vulnerabilities.
Scott Bekker is editor in chief of Redmond Channel Partner magazine.