Re-release coming this week

Apr 26, 2010 12:01 GMT

Microsoft has pulled a Windows 2000 patch released earlier this month after discovering that the security update did not resolve the vulnerability in Windows Media Services it was meant to fix. MS10-025, which received a severity rating of Critical, was released on April 13th to plug a security hole in Windows Media Services that affects only systems running Windows 2000 Server. No other Windows operating systems are affected by the security issue. Microsoft has been hard at work on re-releasing MS10-025, and it looks like customers will be getting it by the end of this week.

“Shortly after we released the update we received several reports that it did not protect against the vulnerability reported to us. At that time, we pulled the update and notified customers. The main reason for pulling the update was to save a reboot for customers who had not yet installed it. The original issue was missed due to focusing on a variant of the original report early in the investigation. We are addressing this issue and plan to re-release the update [in the week of April 26th],” Jerry Bryant, group manager, Response Communications, revealed.

The documentation for Microsoft Security Bulletin MS10-025 remains available to customers. In the FAQ section of the bulletin, Microsoft has detailed mitigating factors, as well as workarounds designed to help customers protect against potential attacks targeting the Media Services Stack-based Buffer Overflow Vulnerability (CVE-2010-0478). The vulnerability was privately reported to Microsoft, and the software giant has said nothing about the existence of attacks in the wild.

“Once we are sure of the exact day the update will be ready for re-release, we will post that information to our Twitter account: @MSFTSecResponse. This will go out as a major revision to the bulletin so there will be no advance notification mailer going out but those who have subscribed to our comprehensive notification service will receive an email when it is released,” Bryant added.