sp sp
Home sp
sp sp
BugBlog sp
sp sp
Writing Gallery sp
Websites sp
Whats new sp
Computer Tips sp
sp sp
CABE sp
St. Lukes sp
sp sp

Did this article help you? Donate via PayPal to say thanks..

bjk

6/16/2004 Problems with Microsoft's MS04-011 Patch

Applying a security patch is a good idea. Applying one that helps guard against the Sasser worm, as does MS04-011, is an even better idea. However, sometimes even good ideas have bad consequences.

A search through the Microsoft Knowledge Base turned up these problems with the MS04-011 patch. These two items were in the 6/14 and 6/15 BugBlog.

If you install the security update from MS04-011 (the fix for the Sasser worm) on a Windows NT 4.0/2000/XP computer, you may have problems viewing EMF (Enhanced MetaFile) images in Adobe Illustrator. According to Microsoft, the security patch enforces tougher security on metafiles. This tougher security is also present in Windows Server 2003 by default. There are hotfixes available for Windows 2000 and XP, which will be in future service packs for these products. If you use EMF files, and need these fixes right away, contact Microsoft Technical Support and ask for the fix described in Knowledge Base article 840997. Note that you may be charged for this call. If you use the other versions of Windows, you may want to check back at http://support.microsoft.com/?kbid=840997 for updated information.

Microsoft's MS04-011 security patch has some compatibility problems with certain third-party applications on Windows 2000 computers. One application mentioned specifically is the Nortel Networks VPN client, but in general applications that load these drivers -- Ipsecw2k.sys, Imcide.sys, or Dlttape.sys --may cause big problems. These may include totally locking up the computer, having CPU usage spike to almost 100 percent, or an inability to log on to Windows. Microsoft has a hotfix to undo the damage done by the MS04-011 fix. It will be in a future service pack, but it you are having these problems you should contact Microsoft Technical Support and ask for the hotfix described in Knowledge Base article 841382. Note that you may be charged for this call.

In addition to these two, a number of other vulnerabilities were discussed in the BugBlog Plus (subscription information here). These include:

  • Windows 2000 DNS problems
  • Windows 2000 problems with Services for Unix
  • Windows XP problems with third-party applications that let you impersonate users
  • Windows NT compatibility problems with Intellipoint 2
  • Windows XP problems with NetSchedule API
  • Windows NT multiprocessor problems
  • Microsoft IIS compatibility problems
  • Windows 2000 problems with SMB/CIFS
  • Problems with 16-bit MS-DOS programs
  • Problems with Hebrew and Arabic text
  • Oracle DB compatibility problems

The problems aren't universal; some just affect a small set of users. But if you start having problems with something after installing MS04-011, this may be where you start looking for solutions.