Microsoft Pulls Windows Security Bulletin

 
 
By Brian Prince  |  Posted 2010-04-23 Email Print this article Print
 
 
 
 
 
 
 

Microsoft is re-releasing a security bulletin impacting Windows 2000 Server that it issued this month as part of Patch Tuesday. According to Microsoft, the bulletin does not effectively fix the underlying vulnerability.

Microsoft has pulled support for a Patch Tuesday update that fails to properly fix a critical vulnerability on Windows 2000 Server.

The company issued MS10-025 earlier this month as part of an 11-bulletin security update for customers. The bulletin was supposed to fix an issue affecting customers running Windows 2000 Server Service Pack 4 who installed Windows Media Services, a Microsoft platform for streaming live or on-demand audio and video.

According to Microsoft, a remote code execution vulnerability exists due to the way Windows Media Unicast Service handles specially-crafted transport information packets. So far, Microsoft has not observed any attacks on the vulnerability, and Windows Media Services is not enabled by default on Windows 2000 Server.

"Customers should review the bulletin for mitigations and workarounds and those with Internet-facing systems with Windows Media Services installed should evaluate and use firewall best practices to limit their overall exposure," blogged Jerry Bryant, group manager for Microsoft Security Response Center communications. "We will continue to share updates here on the blog as available."

As a workaround, users can disable the Windows Media Unicast Service or uninstall Windows Media Services. Instructions on how to do that are contained here within the advisory.

 

 
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel