Microsoft pulls faulty Windows patch
Windows 2000 patch fails to solve the vulnerability it was designed to address
Microsoft is pulling an update for Windows 2000 issued in this month's Patch Tuesday because it simply didn't work.
Update MS10-025 was designed to fix a flaw in Windows 2000 systems running Windows Media Services (WMS). It turns out, however, that the patch failed to mend the problem it was designed to address.
"Shortly after we released the update we received several reports that it did not protect against the vulnerability reported to us," Jerry Bryant, Microsoft's group manager of response communications writes on the Microsoft Security Response Center blog. "At that time, we pulled the update and notified customers. "The main reason for pulling the update was to save a reboot for customers who had not yet installed it."
The patch was designed to prevent hackers from taking control of affected machines, but it seems Microsoft took its eye off the ball. "The original issue was missed due to focusing on a variant of the original report early in the investigation," Bryant admits.
Microsoft says it will release a corrected version of the patch this week, and in the meantime urges Windows 2000 customers with WMS installed to apply the workaround published in this bulletin.