Microsoft irons out security patch

Fixes glitches in delivery and installation of an update sent out last week in its monthly security bulletin.

Dawn Kawamoto
Dawn Kawamoto Former Staff writer, CNET News
Dawn Kawamoto covered enterprise security and financial news relating to technology for CNET News.
Microsoft on Tuesday fixed two glitches related to one of its recently released security patches.

One of the problems, in security bulletin MS06-034, led some people to be repeatedly offered the same patch via Microsoft's update delivery tools, the software company said.

"Last night we fixed a couple of issues from last week's release," the Microsoft Security Response Center team wrote in a posting on their blog. "One issue was that even though you installed the update, you could still be getting it reoffered to you via Windows Update, Microsoft Update, Automatic Update or WSUS."

A second glitch affected people running Windows Server 2003 Service Pack 1. In this particular case, the MS06-034 patch would not be offered to users if the initial update failed to install. In certain cases, users may not have been aware that the security patch had not taken hold. Microsoft has provided information on both issues on its Web site.

"Because the second issue might have involved a silent failure, we recommend all Windows 2003 SP1 users rerun detection on these systems to make sure that their systems have updated properly," Microsoft's security team advised.

The MS06-034 patch was delivered last week as part of Microsoft's monthly patch cycle. The flaw, a risk mainly in Web servers that let people upload new content, could enable an intruder to commandeer the server by uploading a malformed ASP file.