• silicon.com
• Technology
• Security

By Joris Evers, 18 October 2005 08:25

NEWS Security-conscious Windows users who tweaked the operating system to protect their PCs better are getting hit hardest by a flawed Microsoft patch, experts said on Monday.

Microsoft has acknowledged that a patch released last week can cause trouble for some users. It could lock them out of their PC, prevent the Windows Firewall from starting, block certain applications from running or installing, and empty the network connections folder, among other things, the software maker said in an advisory on Friday.

The trouble occurs when default permission settings on a Windows folder have been changed, according to Microsoft. Those changes aren't common, but have been applied by some people to add extra security to their systems, experts said.

Johannes Ullrich, the chief research officer at the SANS Institute, said: "The flaw in the patch affects users who tightened down access lists. These are typically more-advanced, security-conscious users."

The settings are also likely to be used by businesses with strict access requirements, such as those in the financial services or healthcare industries, said Vijay Adusumilli, a senior product manager at security software vendor St Bernard Software. "They tighten settings for security purposes," he said.

The patch was released on Tuesday to fix four Windows vulnerabilities. Microsoft tagged the combined vulnerabilities "critical", and experts warned that a worm attack linked to the issue could be imminent. The software maker urged all users to immediately apply the update, delivered in security bulletin MS05-051.

Adusumilli said: "If users made changes to their security settings and tightened them, this patch is going to break a whole lot of software." The update simply didn't take into account all the possible Windows user configurations, he said.

The problem may result in more apprehension among users when it comes to applying Windows patches, Adusumilli noted. "Microsoft's patch quality reputation just started to improve but I think this is going to dent that a bit," he said.

That is worrying, especially with a narrowing amount of time between the release of a software fix and a malicious code attack that exploits the vulnerability related to it, SANS' Ullrich said. The narrowing "patch window" has moved people to apply remedies faster.

Ullrich said: "Many companies have come to rely on high patch quality to use accelerated deployment procedures for critical patches. But the problems with MS05-051 will make people think twice next time around."

The flawed update delivered "two strikes against good security," he said. "First, you get penalised for running an enhanced security template. Next, you get penalised for patching quickly."

Microsoft had no immediate comment for this story.

Joris Evers writes for CNET News.com