Security Upgrade Failed to Handle Problem, Taken Down by Microsoft
The software giant Microsoft has pulled a recent security upgrade for Windows 2000 Server.
As per the reports, the patch was pulled as it was not fixing the "critical" flaws in the Windows Media Services component. A successful update could permit an assailant to distantly implement attack code on a targeted machine.
Microsoft said that it would be functioning on an update for MS10-025 patch. This patch was issued as part of monthly 'Patch Tuesday' update package, in the third week of April 2010.
Jerry Bryant, Group Manager of Security Response Center Communications at Microsoft, said that "only the users of Windows 2000 Server who have installed Windows Media Services are affected with the security update MS10-025. This is a non-default configuration. Microsoft learned that the patch does not effectively deal with the underlying problem, and so the patch was pulled on April 21, 2010. Also, Microsoft does not know about any live attacks seeking to exploit this issue. The company also said that it is aiming at the update's rerelease for the fourth week of April, as reported by TechNet Blogs on April 21, 2010.
Bryant added that the users must follow-up the announcement for mitigations and workarounds. The customers with Internet confronting machines with Windows Media Services installed must assess and use firewall best practices to restrict their overall vulnerability.
Microsoft, by rating the media updates so highly, demonstrates that it knows that these vulnerabilities could become a target of the hackers who may abuse them in executing social engineering attacks. This would involve making a particularly rigged video and enticing an innocent Web user to play it on their system, thereby empowering the awful remote code execution set-up.
This announcement of Microsoft taking down its patch comes a few days after some other faulty update rocked the security community.
McAfee is still on the job to mend the resulted damage when a defective antivirus patch created mayhem by causing system crashes on a few Windows XP systems. The vulnerability was a concern for both McAfee customers as well as for those under attack by an associated group of rogue antivirus applications.
To fix 25 flaws over an array of software packages and operating systems, Microsoft has issued 11 patches in its April Patch Tuesday monthly security update, according to the report.
Related article: Securities Push Up A Must For Web Companies
» SPAMfighter News - 26-04-2010