Microsoft Patches Buggy Windows SSL Patch

Microsoft confirmed that disruptive bugs in a recently issued Windows security patch could cause systems to freeze or lead to system usage overload.

The buggy patch, issued earlier this month to plug numerous “critical” vulnerabilities in the Windows operating system, has caused problems for IT admins because of conflicts with installed drivers.

“[It] causes Microsoft Windows 2000 to try repeatedly to load drivers that do not load successfully,” the software giant said Wednesday, identifying the drivers as Ipsecw2k.sys, Imcide.sys and Dlttape.sys.

In those cases, the patch causes computers to stop responding at startup or locks users out of the Windows log on feature. The bugs also cause CPU usage for the System process ti approach 100 percent.

“Microsoft has confirmed that this problem occurs if you have the Nortel Networks VPN client installed and if the IPSec Policy Agent is set to Manual or Automatic for the startup type.”

As a temporary workaround, Microsoft recommended that users of the Nortel Networks VPN client disable the IPSec Policy Agent service from Safe Mode or from the Recovery Console.

News of the buggy patch comes at a crucial time for Microsoft, which has struggled to cope with software vulnerabilities and troublesome patches. In this case, the bugs have been detected in the MS04-011 patch, which fixes 14 serious Windows vulnerabilities.

An attacker who successfully exploited the most severe of these
vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.

Security researchers have already detected an “SSL Bomb” exploit code circulating underground that could potentially lead to worm and virus attacks.

Symantec has already warned of abnormal port-scanning activity and evidence of a backdoor Trojan infecting machines through the MS04-011 flaw.