Information Security News mailing list archives

Microsoft pulls patch that can slow Windows XP


From: InfoSec News <isn () c4i org>
Date: Thu, 24 Apr 2003 20:46:42 -0500 (CDT)

http://www.nwfusion.com/news/2003/0424micropulls.html

By Joris Evers and Paul Roberts
IDG News Service, 04/24/03

Microsoft pulled a security patch for Windows XP systems with Service 
Pack 1 installed after customers complained that installing the patch 
slowed their systems down to a crawl. 

Microsoft is working on a revised patch for Windows XP Service Pack 1 
and will re-issue that patch when it has been completed and fully 
tested, the Redmond, Washington, software maker said in a revised 
version of its security bulletin MS03-013 posted late Wednesday. 

Originally released on April 16, the security bulletin addressed a 
buffer overrun vulnerability in the Windows kernel, which manages core 
services for the operating system such as allocating processor time 
and memory, as well as error handling. 

A flaw in the way the kernel passes error messages to a debugger could 
enable a malicious hacker to take any action on a vulnerable system 
such as deleting data, reconfiguring the device or modifying user 
accounts and privileges, Microsoft said in its advisory. 

Soon after the patch was released, however, Windows XP users began 
complaining in online forums of performance problems that appeared 
after the patch was applied. 

Users reported that Windows XP can take up to 10 seconds or even more 
to start an application after installation of the patch. Removing the 
patch brings system speed back to normal, Windows XP users wrote in 
dozens of postings on several online discussion boards. 

In updating its security bulletin, Microsoft acknowledged those 
problems, but said that customers running Windows XP Service Pack 1 
should still consider applying the flawed patch as protection until a 
new version is released. 

"Customers are encouraged to review this security bulletin... (and) 
assess whether their particular environments demand that the patch 
should be applied immediately or whether their particular level of 
risk permits delaying deployment of the patch until it is revised and 
the performance problem corrected," the company said. 

Microsoft said it will also publish a knowledge base article that 
describes what environmental factors produce slowdowns when combined 
with the XP patch and what can be done to reduce the impact of the 
slowdowns should they occur. 



-
ISN is currently hosted by Attrition.org
