It seems with each monthly Patch Tuesday, some kind of disaster follows Microsoft's batch of fixes. In this case, there may be problems with one of the patches, but the federal government is taking the unusual step of insisting this patch be installed.
Both issues surround patch KB921883, or MS06-040. The patch addresses a remote code execution vulnerability in the Windows Server Service that could allow a virus to take complete control of the affected system.
The virus would take control of the system through a buffer overflow, which in turn allows a remote procedure call to launch malicious code on the exposed system and send out all kinds of attacks.
The patch affects Windows 2000, Windows XP and Windows Server 2003.
In a rare public comment, the U.S. Department of Homeland Security issued a firm notice to Windows users to immediately apply the patch. The department warned that a successful attack could be launched similar to the Blaster and Sasser worms.
"Windows users are encouraged to avoid delay in applying this security patch. Attempts to exploit vulnerabilities in operating systems routinely occur within 24 hours of the release of a security patch," the agency said in a public advisory.
At the same time, the Windows community site ActiveWin.com reported that MS06-040 can affect encrypted Web traffic.
"It has been confirmed on several machines that this patch breaks HTTPS functions. You cannot sign in to Live.com, or access pages reliably that use certificates, (most will not work), secure communications programs fail," reads a posting on the site.