Microsoft fixes faulty security patch

Microsoft on Thursday issued a "hotfix" for a fault in a security patch designed to correct a flaw already being targeted by worms.

The company is making the hotfix, or repair code targeted to a specific issue, available upon request, according to a posting on its Web site. The fix addresses the problem of programs failing if they request one gigabyte or more of information on a patched system.

Computers running x64-based versions of Microsoft Windows Server 2003, along with Service Pack 1 and Windows XP Professional x64 Edition, are affected, if the MS06-040 update has been installed. Only 32-bit programs can encounter problems, Microsoft said.

The software giant said that Microsoft Business Solutions Navision 3.7, for example, may fail under such conditions.

MS06-040 was part of a dozen security patches Microsoft released earlier this month as part of its monthly patch cycle. The patch, which Microsoft had rated "critical," was designed to prevent attackers from exploiting a vulnerability that could allow a remote code execution.

Users were urged to install MS06-040 as soon as possible, given that worms were already trying to take advantage of the vulnerability, according to a posting on the SANS Internet Storm Center.

MS06-040 was not the only problematic patch in the August update. MS06-042 also created problems for users who installed the critical patch. In that case, Microsoft's Internet Explorer browser could crash when various Web sites were viewed. The company has said it plans to re-release the MS06-042 bulletin and patch on Aug. 22.

[extinctone]

Patch. Patch the patch. Patch the patches patch.

Life in a Microsoft world.

[extinctone]

BTW...

As I start to type the previous subject, Firefox fills it in after a few characters. I've posted that same subject on average about 8 times a year.

Even the most devout Microsoft IT guys/gals (generally the least talented amongst us) surely are starting to get the message, no? No, I'm not one of those Mac zealots, I work with no less than a dozen platforms any given month. But even the purest of Microsoft (infected) networks can look for one small piece that can be replaced by non-Microsoft technologies. Start there, before you know it you are saving $100's of dollars a year each employee/PC you have.

[gestry]

What is your problem??

I learned the hard way not to use any Windows' updates.
I use CA's fire wall, antivirus, and pestpatrol, along with several other free products like Ad-aware to protect my computer.
The last warning from Homeland Security and Microsoft said these worms attack only two ports that even free firewalls protect.
Why does everyone pannic when ever Microsoft "discovers" a flaw?? Microsoft usually "discovers" the flaw when they are notified by the firewall and antivirus providers.
The products sold for home computers work just as well for corporations. The companies do charge more for corporation use, but it's worth not having to reinstall windows on twenty computers that just crashed because Windows' patches are worse than the threat they usually don't prevent.
I have never had a crash caused by any of these products.

[maverick_nick]

Patch lead to crash

The last two times that I patched my system with automatic updates, my Windows wouldn't start up. So now I decided to backup and not patch. I've got a lesser chance of having a problem without patching, than if I do.

[don9307]

The Microsoft Fix

I think we are losing the "Big Picture" when it comes to combating computer viruses, worms, trojans, etc. We need to start viewing the makers of these malicious computer programs for who they relly are, criminals! No less criminals as people who would attack a little old lady on the street for her purse, or steal money from the church collection plate. Microsoft pours many manhours and plenty of bucks at the problem of shoring up its OS from vulnerabilities discovered "after" the creator of malicious code has done his dirty work. But companies like Microsoft shouldn't have to do this. Why do we sit around and wait for the next virus to pop up, then write a security patch to fix the threat. We should be going after these people, to take them off the virtual streets, so to speak, and remove the threat from the source. I know this sounds naive, but it's the truth nonetheless. Like taking the drug dealer off the street contributes to the war on drugs. There are plenty of people out there who know of someone who brags of writing this or that code to crash someone's PC. Let's take back our virtual freedom from the evildoers who have too much time on their hands.

[qwerty75]

re

They may spend plenty of bucks and many manhours but it is not even close to what other spend to apply these half-baked patches.

If MS spent so much, don't you think they could at least come out with a product once in a while that is not a total security sieve?

[qwerty75]

also

If the people taking advantage of exploits that came about through improper design and bad coding criminals(which they are), what exactly is MS?

[don9307]

The Microsoft Fix

I think we are losing the "Big Picture" when it comes to combating computer viruses, worms, trojans, etc. We need to start viewing the makers of these malicious computer programs for who they relly are, criminals! No less criminals as people who would attack a little old lady on the street for her purse, or steal money from the church collection plate. Microsoft pours many manhours and plenty of bucks at the problem of shoring up its OS from vulnerabilities discovered "after" the creator of malicious code has done his dirty work. But companies like Microsoft shouldn't have to do this. Why do we sit around and wait for the next virus to pop up, then write a security patch to fix the threat. We should be going after these people, to take them off the virtual streets, so to speak, and remove the threat from the source. I know this sounds naive, but it's the truth nonetheless. Like taking the drug dealer off the street contributes to the war on drugs. There are plenty of people out there who know of someone who brags of writing this or that code to crash someone's PC. Let's take back our virtual freedom from the evildoers who have too much time on their hands.

[qwerty75]

The funny thing is

Even if a patch causes no extra problems, Windows is still no more secure then without the patch.

[Seaspray0]

Your post makes me laugh.

If the patch prevents hackers from exploiting the operating system, then it is more secure. But what should I expect from someone who hates windows, constantly derides, but never backs up anything with facts?

[Seaspray0]

Provide the facts.

Please post these thousands of holes you mention. I wish to see them.