Microsoft: Windows patch is flawed

Software giant confirms a problem in a security update it issued for Windows 98 and Windows ME in January.

Microsoft has acknowledged that a security patch issued in January for its Windows 98 and Windows ME operating systems may cause performance issues for customers who have downloaded the update.

According to a notice posted Friday in the discussion group section of the company's TechNet site, Microsoft's KB891711 update, which was released to address a vulnerability related to cursor and icon format handling, fails to adequately protect users of Windows 98, Windows 98 SE and Windows ME. The patch was included as part of security bulletin MS05-002, one of the software giant's regular monthly updates.

In the short statement, a company representative stopped short of telling people to uninstall the update, noting that removal of the patch would still leave customers compromised.

"At this point, we have been able to confirm these reports and are currently working on a resolution," Jerry Bryant, of Microsoft's Security Response Center, said in posting. "Please note that by uninstalling the current update, the machine will return to a vulnerable state."

According to Bryant's post, Microsoft has yet to be notified by anyone who has experienced an attack related to the problem.

According to customer posts on the discussion site, the security issue is related to Microsoft's Internet Explorer and may cause computers to crash once the patch is installed.