A problem with a critical patch relating to Microsoft's DirectShow streaming media software is leaving some Windows 2000 users unprotected, even after they've installed a patch.
Windows 2000 users who have installed Microsoft DirectX version 8.0 or 9.0 may not have actually fixed their software by installing Microsoft Security Update MS05-050.
The patch was released on 11 October as part of the monthly security software fixes. It addresses a problem in DirectShow that could allow an attacker to seize control of an unpatched system. The attacker would first need to trick a user into visiting a webpage with maliciously coded content – such as a banner advertisement — in order for this to happen.
Microsoft DirectX 8.0 or 9.0 users, who may have accidentally installed the patch written for DirectX 7.0, will still be vulnerable and they will not be notified of this fact.
Only a "limited" number of customers have been affected by this problem and customers who received Update MS05-050 automatically or correctly followed the steps in Microsoft's security bulletin will not be affected, Microsoft said.
This is the second problem Microsoft has had with the 11 October patches. Last week, some users ran into a variety of technical problems when they attempted to install a separate Security Update, MS05-051.
Directions for determining whether or not a Windows 2000 system has been correctly updated can be found here.
Microsoft was unavailable for comment.