Microsoft on Thursday issued a “major revision” to a
security patch released earlier this month, warning that it caused a
compatibility problem with third party software.
The original patch (MS03-045), included in the company’s first monthly
advisory, plugged a buffer overrun vulnerability in the ListBox and
ComboBox controls that could lead to harmful code execution. The flaw
carried an ‘important’ rating.
However, after the patch was released, Microsoft learned of compatibility
issues with third-party products and released a new advisory with updated
patches (New patch available here). The company did not say which third-party software had
compatibility issues.
“The compatibility problems only affect (certain) language versions of
the patch and only those versions of the patch are being re-released,”
Microsoft said, noting that the new security patches support both the Setup
switches originally documented as well as a set of new Setup switches.
The language versions affected include Brazilian, Czech, Danish, Finnish,
Hungarian, Italian, Norwegian, Polish, Portuguese, Russian, Spanish, Swedish
and Turkish.
The English language version of the patch is not affected.
Additionally, Microsoft said the updated language versions support
Windows 2000 Service Pack 2, Windows 2000 Service Pack 3, and Windows 2000
Service Pack 4 in a single security patch.
According to the revised bulletin, the software compatibility issue is
unrelated to the security vulnerability previously addressed. “Customers who
have applied the patch are protected against the vulnerability discussed in
this bulletin,” the company assured.