Microsoft Reissues Windows Security Update After Mishap

By Brian Prince  |  Posted 2010-04-27

Microsoft has rereleased a security update targeting a vulnerability on Windows 2000 Server.

The company pulled support for MS10-025 last week. According to Microsoft, the Windows security bulletin failed to properly fix a remote code execution issue tied to the way Windows Media Unicast Service handles specially crafted transport information packets.

"Shortly after we released the update we received several reports that it did not protect against the vulnerability reported to us," blogged Jerry Bryant, Microsoft Security Response Center communications group manager. "At that time, we pulled the update and notified customers. The main reason for pulling the update was to save a reboot for customers who had not yet installed it. The original issue was missed due to focusing on a variant of the original report early in the investigation."

The update was originally released April 13 as part of an 11-bulletin Patch Tuesday. The bulletin focused on customers running Windows 2000 Server Service Pack 4.

So far, Microsoft has not observed any attacks targeting the vulnerability. As a workaround, users can disable the Windows Media Unicast Service or uninstall Windows Media Services. Instructions on how to do that are contained here within the advisory.

Rocket Fuel