[ISN] Critical Windows patch may wreak PC havoc

InfoSec News isn at c4i.org
Mon Oct 17 00:01:59 EDT 2005


http://news.com.com/Critical+Windows+patch+may+wreak+PC+havoc/2100-1002_3-5896041.html

By Joris Evers 
Staff Writer, CNET News.com
October 14, 2005

A Microsoft patch meant to fix critical security flaws in Windows
2000, Windows XP and Windows Server 2003 is causing trouble for some
users, the company said Friday.

The patch was released Tuesday to fix four Windows flaws, including
one that experts predict will be exploited by a worm in the coming
days. The flaw, tagged "critical" by Microsoft, lies in a Windows
component for transaction processing called the Microsoft Distributed
Transaction Coordinator, or MSDTC.

Installing the patch can cause serious problems, Microsoft said in an
advisory posted to its Web site Friday. The patch could lock users out
of their PC, prevent the Windows Firewall from starting, block certain
applications from running or installing, and empty the network
connections folder, among other things, the software maker said.

The trouble appears to occur only when default permission settings on
a Windows directory have been changed, according to Microsoft. The
software maker has received "limited reports" of problems from
customers but is still investigating the issue, a representative said.

Even if users experience PC trouble after installing the patch, they
will still be protected against any attack exploiting the Windows
flaw, a Microsoft representative said. The patch was delivered with
Microsoft security bulletin MS05-051.

To resolve any problems caused by the MS05-051 patch, users should
restore the default permissions for the Windows folder and the COM+
catalog. A guide is available on the Microsoft Web site, and steps
start with changing the permissions on the "registration" folder in
the Windows directory.





More information about the ISN mailing list