Microsoft Admits Problem with Blockbuster Patch

Microsoft on Wednesday night acknowledged that its massive April 13 security patch was causing serious problems in some Windows 2000 systems.

The company issued a Knowledge Base Article (841382) on the issue Wednesday with the lengthy title: "Your computer stops responding, you cannot log on to Windows, or your CPU usage for the System process approaches 100 percent after you install the security update that is described in Microsoft Security Bulletin MS04-011."

Some users who installed the bulletin had their systems appear to stop responding at startup, could not log on to Windows or saw CPU usage for System processes approach 100 percent.

Microsoft blamed the problem on an issue in the patch that causes Windows 2000 to try repeatedly to load drivers that will not load. Microsoft said the issue arises if any of these three drivers are installed: Ipsecw2k.sys, Imcide.sys and Dlttape.sys. "For example, Microsoft has confirmed that this problem occurs if you have the Nortel Networks VPN client installed and if the IPSec Policy Agent is set to Manual or Automatic for the startup type," the KB article states.

The Windows 2000 installation problems have presented a Catch 22 for users, who have been trying to heed dire warnings from Microsoft and others about exploit code and worms being developed for some of the 14 vulnerabilities fixed by the patch.

Microsoft's KB article provided a workaround for users with the Nortel Networks VPN client. But the document admits that the problem may occur if other drivers or services do not load successfully. "Microsoft is researching this problem and will post more information in this article when the information becomes available," according to the KB article.

Security bulletin MS04-011 contained fixes for 14 vulnerabilities. Five of those vulnerabilities were rated as "critical" problems for Windows 2000 systems. MS04-011 was one of four security bulletins released by Microsoft on April 13. In all, the four bulletins patched 20 distinct vulnerabilities.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • Microsoft Starting To Roll Out New Excel Connected Data Types

    Microsoft on Thursday announced some Excel and Power BI enhancements that add "connected data types" on top of the standard strings and numbers options.

  • Windows 10 Users Getting New Process for Finding Optional Driver Updates

    Accessing Windows 10 drivers classified as "optional updates" will be more of a manual seek-and-install type of experience, starting on Nov. 5, 2020, Microsoft explained in a Wednesday announcement.

  • Microsoft Changes Privacy Platform Name to SmartNoise

    Microsoft Research has changed the name of its "differential privacy" platform from "WhiteNoise" to "SmartNoise," according to a Wednesday announcement.

  • Why Restarting a Failed SCVMM Job Might Be a Bad Idea

    Occasionally, restarting a failed System Center Virtual Machine Manager job can leave your virtualization infrastructure in an unknown state. Here's how to avoid that.

comments powered by Disqus