Experts warn not to apply Microsoft patch

Microsoft yesterday released details of yet another vulnerability in versions of Windows, but some security experts are dubious about the contents of the patch for Windows 2000.

The flaw in question is in the Windows kernel and affects XP, NT and 2000. Labelled as 'important', the bug affects the way the kernel passes error messages to a debugger.

It means that an attacker could write a program to exploit the flaw and run code of their choice or take any action on the system including deleting data, adding accounts with administrative access, or even reconfiguring the machine.

But, although a patch has been issued, security experts have recommended users to avoid applying it because it contains a number of unidentified files for which no information is available.

Bronek Kozicki, of Polish security firm Rubikon, and Russ Cooper, of security mailing list NTBugTraq, have both advised that users should not install the Win2k patch until Microsoft releases further details.

"The Windows 2000 version of [this advisory] contains numerous files not listed in the manifest supplied in [the Microsoft Knowledge Base article]," said Cooper.

He listed 10 recently modified files in the patch for which details are not included. This included Ntdll.dll, which was previously included in a fix for a vulnerability discovered on 17 March 2003 (MS03-007) that has been confirmed as causing problems with certain system configurations.

"As has been previously reported, there are definitely problems installing MS03-007 on systems which had previously applied a Product Support Services supplied hot fix," said Cooper.

"If Microsoft has somehow fixed the problems with MS03-007, it has never said so.

"I would strongly suggest that you avoid applying the latest patch [MS03-013] unless you are able to test it in a non-production environment, and possibly wait until Microsoft provides some form of clarification.

"Both the Security Bulletin and Microsoft's Knowledge Base article are incorrect in stating that they do not supersede any other hot fix, as clearly this is not the case for Windows 2000 systems."

More information is available from Microsoft here.