SecurityReason

News from: World

» Topic:  Microsoft fixes memory bug in security patch

» Added by:  Robert McMillan

» Date:  19.8.2006

Microsoft has fixed a bug in a critical security patch that may have been causing problems for some Windows Server 2003 users.

The bug is in the critical MS06-040 Windows Server services update, released earlier in August. It affects programs that use up very large chunks of memory on some versions of Windows. According to Microsoft, programs such as Microsoft Navision 3.7, which require allocations of more than 1G byte of memory, can crash after the update is installed.

Most Windows systems do not experience the bug, but Microsoft Windows Server 2003 and the 64-bit version of Windows XP Professional Edition are affected. Microsoft's hotfix for the problem can be downloaded from their site.

The majority of widely used applications allocate memory in chunks that are smaller than the 1G-byte threshold blamed for the bug, so there have not been widespread reports of problems with this patch, according to Johannes Ullrich, chief research officer for the SANS Institute.

More troublesome has been the MS06-042 update for Internet Explorer, which has caused browser crashes while using Web-based applications such as PeopleSoft, Siebel and Unicenter. Microsoft issued a hotfix for this update earlier in the week and is promising to reissue the buggy update next Tuesday.

SANS is tracking the status of Microsoft's updates.

Microsoft issued a total of 12 updates this month, fixing 23 vulnerabilities. But it's had the most problems with the more serious of these fixes.

"MS06-040 and MS06-042 were probably the most critical issues," Ullrich said. "It's unfortunate that they've had problems with both of them."

Source:
http://www.computerworld.com/
