Security-conscious Windows users who tweaked the operating system to protect their PCs better are getting hit hardest by a flawed Microsoft patch, experts said on Monday.
Microsoft has acknowledged that a patch released last week can cause trouble for some users. It could lock them out of their computer, prevent the Windows Firewall from starting, block certain applications from running or installing and empty the network connections folder, among other things, the software maker said in an advisory on Friday.
The trouble occurs when default permission settings on a Windows folder have been changed, according to Microsoft. Those changes aren't common, but have been applied by some people to add extra security to their systems, experts said.
"The flaw in the patch affects users who tightened down access lists," said Johannes Ullrich, the chief research officer at the SANS Institute. "These are typically more-advanced, security-conscious users."
The settings are also likely to be used by businesses with strict access requirements, such as those in the financial services or health care industries, said Vijay Adusumilli, a senior product manager at security software vendor St Bernard Software. "They tighten settings for security purposes," he said.
The patch was released on Tuesday to fix four Windows vulnerabilities. Microsoft tagged the combined vulnerabilities "critical", and experts warned that a worm attack linked to the issue could be imminent. The software maker urged all users to immediately apply the update, delivered in security bulletin MS05-051.
"If users made changes to their security settings and tightened them, this patch is going to break a whole lot of software," Adusumilli said. The update simply didn't take into account all the possible Windows user configurations, he said.
The problem may result in more apprehension among users when it comes to applying Windows patches, he noted. "Microsoft's patch quality reputation just started to improve, but I think this is going to dent that a bit," Adusumilli said.
That is worrying, especially with a narrowing amount of time between the release of a software fix and a malicious code attack that exploits the vulnerability related to it, Ullrich said. The narrowing "patch window" has moved people to apply remedies faster.
"Many companies have come to rely on high patch quality to use accelerated deployment procedures for critical patches. But the problems with MS05-051 will make people think twice next time around," Ullrich said.
The flawed update delivered "two strikes against good security", Ullrich said. "First, you get penalised for running an enhanced security template. Next, you get penalised for patching quickly."
Microsoft had no immediate comment for this story.
Talkback
I recently have had major issues with the so called 'rollback' update.
I remove this option at every opportunity.
The issues are: after intall unable to use network printers installed using TCP/IP.You can Ping the printers and print using LPR, but not print from windows. Only once after uninstalling has a system worked.
I have serious doubts before installing ANY further updates, especially due to the lack of comment from Microsoft.
A perfect score isn't expected from commercial vendor patches each and every time. That wouldn't be realistic. But commercial vendors should be aware that if they release too many problematic patches too often that'll be one more reason to opt for Open Source or other alternatives instead.
As such it would help if Microsoft would release in more readable detail what the patch does how. And add more easy and actually working roll-back possibilties into each and every patch without requiring a reboot. That at least would improve patch management for the average Microsoft customer a lot. And make future mistakes easier to swallow.
PS: extra bonus if such possibilities would be made available for existing customers without requiring to sacrifice (some) budget or plenty of men hours to it.
After Windows new patch I cannot access User Accounts ,windows update and flash won't work;I feel I've been mugged !
I didnt have an issue. I use an SUS server and I have two machines (old outdated ones) I use as a test environment. I am able to test and approve updates BEFORE they get to my users. I would suggest people use this FREE tool. It will save you a lot of headaches.
I've heard of SUS. I've seen it on various sites. Best to say that if you done your research and still want to try it then by all means do. There's nothing like reality that'll get you into discussions you might talk your way out of on paper but not in reality.
As for SUS being a tool to prevent you from spreading around patches that might work out bad in you specific environment. No such thing. (W)SUS isn't that good at all. If anyhting, such trust in (W)SUS would basicly only underline misplaced trust for which there will be hell to pay for sooner or later. Maybe some people don't fully understand what OTAP is really about.