Windows chokes on latest Microsoft patch

Patch MS05-051 disables firewall for some users

Tom Sanders in California, vnunet.com 17 Oct 2005

Some computer administrators are reporting issues with Microsoft's latest security update which is designed to fix a critical flaw in Windows.

The SANS Internet Storm Centre warned that in some cases security update MS05-051 will cause a host of problems, including blocking access to the Microsoft update website, displaying a blank log-in screen without icons, and issues with Office applications.

A Microsoft spokeswoman confirmed the glitch to vnunet.com, explaining that the problems are "isolated deployment issues" and that the company is working with the affected users to resolve the issue.

Microsoft issued the security bulletin and patch on 11 October. The bulletin describes a vulnerability rated 'critical' in the MSDTC and COM+ components of Windows. Unpatched systems are susceptible to attacks that could allow them to be taken over by cyber-criminals.

Early reports suggest that worm authors have already crafted malware that exploits the security hole described in the bulletin.

The problems with the security patch affect users that have changed the default settings of the COM+ catalog files, Microsoft said in a Knowledge Base article published on Friday.

The problem occurs in Windows XP, 2000 and Server 2003. The document also provides instructions on how to revolve the issue.

When the security patch is applied, it will prevent the firewall and Windows installer from starting. Windows will also display an empty 'network connections' folder and will not run any COM+ applications.

The Microsoft Component Object Model enables components inside Windows to communicate. The technology allows Word documents to dynamically exchange data with an Excel spreadsheet, for instance.