Microsoft Corrects Security Patch Issue

The software giant is forced to update one of the security patches it issued to address a TCP/IP vulnerability in several versions of Windows.

Microsoft was forced to update one of its February security patches after some users were unable to install the fix that addressed a TCP/IP vulnerability in several versions of Windows.

The software giant confirmed on its Web site that security patch number MSO6-007 was altered to provide additional installation instructions after it was discovered that some people were having issues downloading the update. The company said the problem did not affect the content of the security patch itself.

Microsoft said that shortly after the release of the patch on Feb. 14, the company realized that the fix was not working properly when installed alongside its ITMU (Inventory Tool for Microsoft Updates) using its Automatic Updates, Windows Update, Windows Server Update Services and Systems Management Server 2003 management features.

/zimages/3/28571.gifClick here to read more about Microsofts latest security patches.

The company indicated that the issue does not affect customers who installed the security patches using its Software Update Services or through Systems Management Server when not using ITMU, or obstruct users who manually installed the security patch from its Microsoft Download Center.

The company said that customers who subscribe to its Automatic Updates do not need to further address the problem as the revamped patch will be delivered via the service. However, it said that people who downloaded the patch before 8:30 p.m. PST on Feb. 14 should revisit Microsofts Windows security site and update their systems.

Microsoft also advised that IT administrators using its Windows Server Update and Systems Management Server 2003 services that had synchronized their systems to install the updates before 8:30 p.m. PST should manually synchronize their servers and approve the new updates.

The TCP/IP vulnerability addressed by the security patch involves a flaw that could allow for denial-of-service attacks against Web sites if someone sends a specially crafted IGMP (Internet Group Management Protocol) packet to an affected system. Microsoft said that such an attack could subsequently cause the affected system to stop responding.

/zimages/3/28571.gifCheck out eWEEK.coms for Microsoft and Windows news, views and analysis.