To Patch Or Not To Patch?
Microsoft issues a fix to a severe hole. The government insists we use it, but is there a risk?
Both issues surround patch KB921883, or MS06-040. The patch addresses a remote code execution vulnerability in the Windows Server Service that could allow a virus to take complete control of the affected system.
The virus would take control of the system through a buffer overflow, which in turn allows a remote procedure call to launch malicious code on the exposed system and then use that system to send out all kinds of attacks.
The patch affects Windows 2000, Windows XP and Windows Server 2003.
"Windows users are encouraged to avoid delay in applying this security patch. Attempts to exploit vulnerabilities in operating systems routinely occur within 24 hours of the release of a security patch," the agency said in a public advisory.
At the same time, the Windows community site ActiveWin.com reported that MS06-040 can affect encrypted Web traffic.
"It has been confirmed on several machines that this patch breaks HTTPS functions. You cannot sign in to Live.com, or access pages reliably that use certificates (most will not work); secure communications programs fail," reads a posting on the site.