Microsoft Pulls XP Update Over Glitch http://www.washingtonpost.com/wp-dyn/articles/A45119-2003May27.html By TED BRIDIS The Associated Press Tuesday, May 27, 2003 WASHINGTON - Microsoft Corp. withdrew a security improvement for its flagship Windows XP software after it crippled Internet connections for some of the 600,000 users who installed it. Microsoft officials said Tuesday the update - which had been available as an option since Friday on its "Windows Update" Web site - apparently was incompatible with popular security software from other companies, such as Symantec Corp. Microsoft said Internet connections failed immediately for an unspecified number of more than 600,000 computers using Windows XP who downloaded and installed the update. Consumers could reconnect only by removing the update, which promised to improve reliability for types of secure Internet connections commonly used by corporations. The glitch occurs amid a debate in Washington among cybersecurity experts whether the technology industry should test the reliability and security of such updates more aggressively. Hackers can easily attack government systems where updates aren't installed routinely, but some experts install them only reluctantly because of worries about unintended consequences of some updates. A White House plan completed this year instructed the General Services Administration to work with the Homeland Security Department to study the effects of software patches on hundreds of computer programs. The plan said the government will share its findings with the technology industry. That provision fell short of earlier drafts of the White House plan, which urged industry to create its own testing center that would make sure updates don't cause additional security problems. Some experts complained it wasn't feasible because of the complexity of studying millions of possible hardware and software combinations. Microsoft was still investigating the latest glitch, which affected an obscure security technology in Windows. The update should have allowed traveling executives, for example, to connect more securely and more reliably from a hotel room back to their corporate computer networks. Microsoft said the changes it made complied with the latest industry standards, and said early indications linked the problems to some popular third-party products, such as protective firewall software sold by other companies. Microsoft would not say how many of its customers reported problems but said it was a small number. The company pulled the update from its Web site over the Memorial Day weekend; officials could not say when the update might be available again. "Most systems didn't crash; they simply lost network connectivity," said Michael Surkan, a Microsoft program manager for its networking communications group. "There were hundreds of thousands of people who downloaded this, and we know of only a handful of people who had the problem." Because the software update was considered a security improvement and not an urgent repair, it was available only to customers who specifically visited the Windows Update site Friday. Other repairing patches can be delivered automatically to consumers.