Microsoft has rereleased a security update targeting a vulnerability on Windows 2000 Server.
The company pulled support for MS10-025 last week.
According to Microsoft, the Windows security bulletin failed to
properly fix a remote code execution issue tied to the way Windows
Media Unicast Service handles specially crafted transport information
packets.
“Shortly after we released the update we received several reports
that it did not protect against the vulnerability reported to us,”
blogged Jerry Bryant, Microsoft Security Response Center communications
group manager. “At that time, we pulled the update and notified
customers. The main reason for pulling the update was to save a reboot
for customers who had not yet installed it. The original issue was
missed due to focusing on a variant of the original report early in the
investigation.”
The update was originally released April 13 as part of an 11-bulletin Patch Tuesday. The bulletin focused on customers running Windows 2000 Server Service Pack 4.
So far, Microsoft has not observed any attacks targeting the
vulnerability. As a workaround, users can disable the Windows Media
Unicast Service or uninstall Windows Media Services. Instructions on
how to do that are contained here within the advisory.