Microsoft has fixed a bug in a critical security patch that may have been causing problems for some Windows Server 2003 users.
The bug is in the critical MS06-040 Windows Server services update, released earlier this month. It affects programs that use up very large chunks of memory on some versions of Windows. According to Microsoft, programs such as Microsoft Navision 3.7, which require allocations of more than 1GB of memory, can crash after the update is installed.
Most Windows systems do not experience the bug, but Microsoft Windows Server 2003 and the 64bit version of Windows XP Professional Edition are affected. Microsoft's hotfix for the problem can be found here.
The majority of widely used applications allocate memory in chunks that are smaller than the 1GB threshold blamed for the bug, so there have not been widespread reports of problems with this patch, according to Johannes Ullrich, chief research officer for the Sans Institute.
More troublesome has been the MS06-042 update for Internet Explorer, which has caused browser crashes while using web-based applications such as PeopleSoft, Siebel and Unicenter. Microsoft issued a hotfix for this update last week and is promising to reissue the buggy update tomorrow.
Sans is tracking the status of Microsoft's updates here1.
Microsoft issued a total of 12 updates this month, fixing 23 vulnerabilities. But it's had the most problems with the more serious of these fixes.
"MS06-040 and MS06-042 were probably the most critical issues," he said. "It's unfortunate that they've had problems with both of them."