Problem Found in Microsoft Software Patch

Users may need to take additional steps to install one of the fixes released this week.

James Niccolai, IDG News Service

Microsoft has reported a problem with one of its security patches released Tuesday that requires some users to take additional steps to ensure it installs properly.

The problem affected patch number MS06-007, which fixes a TCP/IP vulnerability in several versions of Windows that could allow a denial-of-service attack. Microsoft called the patch important, but not critical, and said users should install it as soon as possible. It was one of several patches released Tuesday.

Soon after its release, Microsoft discovered a problem for people who tried to install MS06-007 through the following channels: Automatic Updates, Windows Update, Windows Server Update Services (WSUS), and Systems Management Server 2003 when used with the Inventory Tool for Microsoft Updates (ITMU), the company says.

Automatic Updates

Customers using Automatic Updates don't have to take any action because the patch will install properly with their next scheduled update, Microsoft says.

However, Microsoft Update and Windows Update customers who visited those sites before 8:30 p.m. Pacific Time Tuesday (4:30 a.m. GMT Wednesday) need to revisit them and accept the security updates being offered, the company said.

Likewise, WSUS and Systems Management Server 2003 administrators who synchronized their servers to obtain the updates before 8:30 p.m. Pacific Time Tuesday should manually synchronize their servers and approve the new updates, Microsoft says.

The updated instructions are in the Frequently Asked Questions section of the bulletin.

The issue didn't affect customers who installed the updates through Software Update Services or through Systems Management Server when not using ITMU, or who manually installed the patch from the Microsoft Download Center, the company says.

There was no problem with the patch itself, only the installation process, according to Microsoft. When the patch is installed properly it protects against the vulnerability.

MS06-007 was one of seven patches released Tuesday. The others included fixes for "critical" security flaws in Internet Explorer and Windows Media Player.