Microsoft SSL Patch Crashes Some Win2K Systems

The Windows MS04-011 security patch includes a bug that crashes some Windows 2000 machines, according to Microsoft. Nearly 39 percent of web-facing SSL servers are running Windows 2000, according to our March SSL Survey, making it the most widely deployed operating system for SSL systems by a margin.

The security update, arguably one of the most critical Windows security fixes ever, addresses 14 separate security holes. Among them is a Windows SSL vulnerability targeted by several published exploits, which has raised concerns of a major Internet security event. The PCT and SSL 2.0 protocols targeted by the exploit are enabled by default in Win2K.

The bug affects Windows 2000 Professional and Windows 2000 Server systems that have the Nortel Networks VPN client installed and the IPSec Policy Agent set to Manual or Automatic on startup. The bug causes Win2K to try repeatedly to load drivers that won't load successfully, causing the machine to stop responding or experience 100 percent system resource usage. The bug could also leave users unable to log on to Windows.

Microsoft's recommended workaround involves turning off the IPSec Policy Agent service. "Microsoft is researching this problem and will post more information in this article when the information becomes available," it said.