Microsoft Pulls XP Update Over Glitch

The Associated Press
Tuesday, May 27, 2003

WASHINGTON - Microsoft Corp. withdrew a security improvement for its
flagship Windows XP software after it crippled Internet connections
for some of the 600,000 users who installed it.

Microsoft officials said Tuesday the update - which had been available
as an option since Friday on its "Windows Update" Web site -
apparently was incompatible with popular security software from other
companies, such as Symantec Corp.

Microsoft said Internet connections failed immediately for an
unspecified number of more than 600,000 computers using Windows XP who
downloaded and installed the update. Consumers could reconnect only by
removing the update, which promised to improve reliability for types
of secure Internet connections commonly used by corporations.

The glitch occurs amid a debate in Washington among cybersecurity
experts whether the technology industry should test the reliability
and security of such updates more aggressively. Hackers can easily
attack government systems where updates aren't installed routinely,
but some experts install them only reluctantly because of worries
about unintended consequences of some updates.

A White House plan completed this year instructed the General Services
Administration to work with the Homeland Security Department to study
the effects of software patches on hundreds of computer programs. The
plan said the government will share its findings with the technology

That provision fell short of earlier drafts of the White House plan,
which urged industry to create its own testing center that would make
sure updates don't cause additional security problems. Some experts
complained it wasn't feasible because of the complexity of studying
millions of possible hardware and software combinations.

Microsoft was still investigating the latest glitch, which affected an
obscure security technology in Windows. The update should have allowed
traveling executives, for example, to connect more securely and more
reliably from a hotel room back to their corporate computer networks.

Microsoft said the changes it made complied with the latest industry
standards, and said early indications linked the problems to some
popular third-party products, such as protective firewall software
sold by other companies.

Microsoft would not say how many of its customers reported problems
but said it was a small number. The company pulled the update from its
Web site over the Memorial Day weekend; officials could not say when
the update might be available again.

"Most systems didn't crash; they simply lost network connectivity,"  
said Michael Surkan, a Microsoft program manager for its networking
communications group. "There were hundreds of thousands of people who
downloaded this, and we know of only a handful of people who had the

Because the software update was considered a security improvement and
not an urgent repair, it was available only to customers who
specifically visited the Windows Update site Friday. Other repairing
patches can be delivered automatically to consumers.

main page ATTRITION feedback