Microsoft Pulls Windows Security Bulletin

Microsoft is re-releasing a security bulletin impacting Windows 2000 Server that it issued this month as part of Patch Tuesday. According to Microsoft, the bulletin does not effectively fix the underlying vulnerability.

Microsoft has pulled support for a Patch Tuesday update that fails to properly fix a critical vulnerability on Windows 2000 Server.

The company issued MS10-025 earlier this month as part of an 11-bulletin security update for customers. The bulletin was supposed to fix an issue affecting customers running Windows 2000 Server Service Pack 4 who installed Windows Media Services, a Microsoft platform for streaming live or on-demand audio and video.

According to Microsoft, a remote code execution vulnerability exists due to the way Windows Media Unicast Service handles specially-crafted transport information packets. So far, Microsoft has not observed any attacks on the vulnerability, and Windows Media Services is not enabled by default on Windows 2000 Server.

"Customers should review the bulletin for mitigations and workarounds and those with Internet-facing systems with Windows Media Services installed should evaluate and use firewall best practices to limit their overall exposure," blogged Jerry Bryant, group manager for Microsoft Security Response Center communications. "We will continue to share updates here on the blog as available."

As a workaround, users can disable the Windows Media Unicast Service or uninstall Windows Media Services. Instructions on how to do that are contained here within the advisory.