Microsoft pulls Windows 2000 Server patch

Microsoft has withdrawn a security patch issued last week for Windows 2000 Server, saying the fix did not work well enough.

The patch, released in the Patch Tuesday bundle, was intended to correct a critical vulnerability outlined in bulletin MS10-025. The buffer-overflow flaw is in Windows Media Service on Windows 2000 Server and could allow an attacker to remotely run code on a compromised machine.

"Today we pulled the update because we found it does not address the underlying issue effectively," said Jerry Bryant, a group manager in Microsoft's response communications team, wrote in a blog post on Wednesday.

Microsoft has a regular schedule for issuing security patches, sending them out on the second Tuesday of every month, although it has been known to release out-of-cycle fixes when a flaw is seen as especially risky. However, it is unusual for the software maker to recall a fix once it has been issued.

"It it highly unique that Microsoft would do this," said Mikko Hyppönen, director of antivirus research at F-Secure on Friday. "I don't remember a previous case of Microsoft ever putting up a patch and then taking it down".

To exploit the flaw, an attacker could send a specially-crafted transport information packet to trigger the buffer overflow and then remotely execute code. That could let an outsider take complete control of the target system, according to the Microsoft bulletin.

Windows Media Services is an optional service for Windows that allows a machine to function as a streaming media server. Only Windows 2000 Server is affected by the vulnerability in the software, according to Microsoft.

Microsoft has provided two temporary workarounds for the problem, both of which involve disabling services. Administrators should disable either the Windows Media Service or the Windows Media UniCast Service until the patch is resubmitted, it said.