Microsoft patch causes system failure

The latest software patch issued by Microsoft Corp., which addresses a security hole in the company’s Windows 2000 platform can actually do more damage than good, causing the system to fail, the company said Tuesday.

The Redmond, Wash.-based company said that the patch released on Monday is incompatible with 12 other software patches for Windows 2000, and added that users will be unable to reboot systems once running the latest fix.

Microsoft recommended that customers running Windows 2000 with Service Pack 2 should verify the version of a file called “ntoskrnl.exe” before applying the patch. Versions of this file from 5.02195.4797 up to and including 5.0.2195.4928 are not compatible with the patch.

The patch announced Monday in the MS03-007 security bulletin addresses a buffer overrun flaw in a feature of Windows 2000, which enables users to remotely manage Web site content on a Windows 2000 server. If exploited, an attacker could gain control over a system and spread malicious attacks similar to the Code Red and Nimda worms of last year.

Users can remove Microsoft’s Internet Information Server (IIS), or lock down the system via the IIS Lockdown tool, if they have not yet installed the patch. Customers with incompatible files on their systems are urged to contact Microsoft’s Product Support Services at

-With files from IDG News Service