- The Washington Times - Tuesday, May 27, 2003


Microsoft Corp. has withdrawn a security improvement for its flagship Windows XP software after the update crippled Internet connections for some of the 600,000 users who installed it.

Microsoft officials said yesterday the patch — which had been available as an option since Friday on its “Windows Update” Web site — apparently was incompatible with popular security software from other companies, such as Symantec Corp.

Microsoft said Internet connections failed immediately for an unspecified number of more than 600,000 computers using Windows XP that downloaded and installed the update. Consumers could reconnect only by removing the update, which promised to improve reliability for types of secure Internet connections commonly used by corporations.

The glitch occurs amid a debate in Washington among cyber-security experts over whether the technology industry should test the reliability and security of such updates more aggressively. Hackers can easily attack government systems where updates aren’t installed routinely, but some experts install them only reluctantly because of worries about unintended consequences of some updates.

A White House plan completed this year instructed the General Services Administration to work with the Homeland Security Department to study the effects of software patches on hundreds of computer programs. The plan said the government will share its findings with the technology industry.

That provision fell short of earlier drafts of the White House plan, which urged the industry to create its own testing center that would make sure updates don’t cause additional security problems. Some experts complained it wasn’t feasible because of the complexity of studying millions of possible hardware and software combinations.

Microsoft was still investigating the glitch. The update should have allowed traveling executives, for example, to connect more securely and more reliably from a hotel room to their corporate networks.

Microsoft said the changes it made complied with the latest industry standards, and said early indications linked the problems to some popular third-party products, such as protective firewall software sold by other companies. It would not say how many users lost Internet connections.

“Most systems didn’t crash; they simply lost network connectivity,” said Michael Surkan, a Microsoft program manager for its networking communications group. “There were hundreds of thousands of people who downloaded this, and we know of only a handful of people who had the problem.”

Because the software update was considered a security improvement and not an urgent repair, it was available only to customers who specifically visited the Windows Update site Friday. Other repair patches can be delivered automatically to consumers.

Copyright © 2018 The Washington Times, LLC. Click here for reprint permission.

The Washington Times Comment Policy

The Washington Times welcomes your comments on Spot.im, our third-party provider. Please read our Comment Policy before commenting.


Click to Read More and View Comments

Click to Hide