http://www.nwfusion.com/news/2003/0424micropulls.html By Joris Evers and Paul Roberts IDG News Service, 04/24/03 Microsoft pulled a security patch for Windows XP systems with Service Pack 1 installed after customers complained that installing the patch slowed their systems down to a crawl. Microsoft is working on a revised patch for Windows XP Service Pack 1 and will re-issue that patch when it has been completed and fully tested, the Redmond, Washington, software maker said in a revised version of its security bulletin MS03-013 posted late Wednesday. Originally released on April 16, the security bulletin addressed a buffer overrun vulnerability in the Windows kernel, which manages core services for the operating system such as allocating processor time and memory, as well as error handling. A flaw in the way the kernel passes error messages to a debugger could enable a malicious hacker to take any action on a vulnerable system such as deleting data, reconfiguring the device or modifying user accounts and privileges, Microsoft said in its advisory. Soon after the patch was released, however, Windows XP users began complaining in online forums of performance problems that appeared after the patch was applied. Users reported that Windows XP can take up to 10 seconds or even more to start an application after installation of the patch. Removing the patch brings system speed back to normal, Windows XP users wrote in dozens of postings on several online discussion boards. In updating its security bulletin, Microsoft acknowledged those problems, but said that customers running Windows XP Service Pack 1 should still consider applying the flawed patch as protection until a new version is released. "Customers are encouraged to review this security bulletin... (and) assess whether their particular environments demand that the patch should be applied immediately or whether their particular level of risk permits delaying deployment of the patch until it is revised and the performance problem corrected," the company said. Microsoft said it will also publish a knowledge base article that describes what environmental factors produce slow downs when combined with the XP patch and what can be done to reduce the impact of the slow downs should they occur. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri Apr 25 2003 - 01:38:50 PDT