June 20, 2006 6:30 PM PDT
'Critical' Microsoft fix breaks some Net connections
The fix delivered with security bulletin MS06-025 can interfere with a certain types of dial-up networking connections, Microsoft said in an article on its support Web site published late Monday. The patch repairs two "critical" security flaws in Windows that could allow an attacker to commandeer a vulnerable PC.
Problems occur only with dial-up connections that use a terminal window, or dial-up scripting, Microsoft said. This type of connection may stop responding after applying the patch, the software maker said.
"This is an older technology that is rarely used by modern dial-up connections," Microsoft said in the support article. The issue may affect direct-dial connections to a corporate network, to a university network or to some Internet service providers, it said.
Microsoft is working on a revised security patch to address the issue. Meanwhile, the company recommends that people who need to use dial-up scripting or terminal window features do not install the security update.
The MS06-025 patch is one of 12 security bulletins Microsoft released last week with fixes for 21 flaws. Attack code that exploits some of those flaws is already out, increasing the risk to users. There is no known public exploit for the flaws patched by MS06-025, however a private exploit is available to users of a tool made by security vendor Immunity, according to Symantec.
Patches cause trouble at times, on occasion prompting Microsoft to fix those it's released. In April, Microsoft released a second version of a Windows Explorer update because the original interfered with Hewlett-Packard software and Nvidia drivers.
3 commentsJoin the conversation! Add your comment