Microsoft has published workaround instructions for a buggy patch released last Tuesday as part of its monthly security update. The patch repairs a critical security hole that could leave Windows 2000 systems open to an Internet worm attack. Microsoft says that few systems have been affected by issues with the update for MS05-051, a security hole that could allow attackers to gain control of Windows 2000 computers via an unchecked buffer in the Microsoft Distributed Transaction Coordinator (MSDTC).
Late last week, users began reporting significant problems on some Windows XP, Windows 2000 and Windows Server 2003 systems after the patch was applied. Although few users were directly affected, the bug reports may have prompted many network administrators to delay patching their systems until the issues were resolved.
That scenario could be trouble, as several security firms have produced working code that allows attackers to take control of Windows 2000 machines, raising expectations that a fast-spreading Internet worm will soon target the vulnerability. Millions of web sites around the world continue to run on Windows 2000, including 18 companies in the Fortune 100 and 33 in the UK's FTSE 100.
While no exploit code has been publicly released, security researchers are concerned about a worm emerging. "We're not currently aware of active attacks that use this exploit code or of customer impact at this time," noted Stephen Toulouse from the Microsoft Security Response Center. "This just illustrates the danger out there however and we want to reiterate: if you are running the older versions of the operating systems, like Windows 2000, we strongly urge you to deploy the critical updates for that platform, like MS05-051, as soon as possible!"