
Microsoft fixes faulty security patch

The "hotfix" is designed to address a problem in a patch for a flaw that is already being used by worms.

Dawn Kawamoto Former Staff writer, CNET News
Dawn Kawamoto covered enterprise security and financial news relating to technology for CNET News.
Microsoft on Thursday issued a "hotfix" for a fault in a security patch designed to correct a flaw already being targeted by worms.

The company is making the hotfix, or repair code targeted to a specific issue, available upon request, according to a posting on its Web site. The fix addresses the problem of programs failing if they request one gigabyte or more of information on a patched system.

Computers running x64-based versions of Microsoft Windows Server 2003, along with Service Pack 1 and Windows XP Professional x64 Edition, are affected if the MS06-040 update has been installed. Only 32-bit programs can encounter problems, Microsoft said.

The software giant said that Microsoft Business Solutions Navision 3.7, for example, may fail under such conditions.

MS06-040 was one of a dozen security patches Microsoft released earlier this month as part of its monthly patch cycle. The patch, which Microsoft had rated "critical," was designed to prevent attackers from exploiting a vulnerability that could allow remote code execution.

Users were urged to install MS06-040 as soon as possible, given that worms were already trying to take advantage of the vulnerability, according to a posting on the SANS Internet Storm Center.

MS06-040 was not the only problematic patch in the August update. MS06-042 also created problems for users who installed the critical patch. In that case, Microsoft's Internet Explorer browser could crash when various Web sites were viewed. The company has said it plans to re-release the MS06-042 bulletin and patch on Aug. 22.