Microsoft Admits Problem with Blockbuster Patch -- Redmondmag.com

Microsoft Admits Problem with Blockbuster Patch

By Scott Bekker
04/29/2004

Microsoft on Wednesday night acknowledged that its massive April 13 security patch was causing serious problems in some Windows 2000 systems.

The company issued a Knowledge Base Article (841382) on the issue Wednesday with the lengthy title: "Your computer stops responding, you cannot log on to Windows, or your CPU usage for the System process approaches 100 percent after you install the security update that is described in Microsoft Security Bulletin MS04-011."

Some users who installed the bulletin had their systems appear to stop responding at startup, could not log on to Windows or saw CPU usage for System processes approach 100 percent.

Microsoft blamed the problem on an issue in the patch that causes Windows 2000 to try repeatedly to load drivers that will not load. Microsoft said the issue arises if any of these three drivers are installed: Ipsecw2k.sys, Imcide.sys and Dlttape.sys. "For example, Microsoft has confirmed that this problem occurs if you have the Nortel Networks VPN client installed and if the IPSec Policy Agent is set to Manual or Automatic for the startup type," the KB article states.

The Windows 2000 installation problems have presented a Catch 22 for users, who have been trying to heed dire warnings from Microsoft and others about exploit code and worms being developed for some of the 14 vulnerabilities fixed by the patch.

Microsoft's KB article provided a workaround for users with the Nortel Networks VPN client. But the document admits that the problem may occur if other drivers or services do not load successfully. "Microsoft is researching this problem and will post more information in this article when the information becomes available," according to the KB article.

Security bulletin MS04-011 contained fixes for 14 vulnerabilities. Five of those vulnerabilities were rated as "critical" problems for Windows 2000 systems. MS04-011 was one of four security bulletins released by Microsoft on April 13. In all, the four bulletins patched 20 distinct vulnerabilities.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.
Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.
Fallout from Microsoft's 'Midnight Blizzard' Saga Hits Feds

When the Russian attack group Midnight Blizzard successfully breached Microsoft corporate e-mail accounts late last year, it apparently managed to steal U.S. government agency e-mails, too.