Security Management Strategies for the CIOIf you're surprised to see a message from Microsoft about a new downloadable patch for Windows XP Service Pack 2 [SP2], you're probably not alone.
News of the patch began circulating on some security message lists last week, but the software giant has since posted an advisory
Requires Free Membership to View
on its Web site. As a message on the Bethesda, Md.-based SANS Internet Storm Center (ISC) Web site indicated Wednesday morning, this fix has caught some users off guard.
ISC notes that lists like Full Disclosure, Bugtraq, and NTbugtraq have been buzzing about the patch since last week, but that Microsoft had not issued a general announcement.
"It is surmised that this is because the patch is not exactly a security patch," the ISC said. "Instead it was more of a hotfix
 |
||||
|
|
|||
|
||||
So, the ISC said, those who go to Windows update or have automatic update could start seeing this patch at any time.
According to Microsoft's advisory, the patch fixes a condition in which computers running SP2, Windows XP Tablet PC Edition 2005 or Windows Server 2003 unexpectedly stop. "Additionally, the following stop error message appears on a blue screen: Stop 0x05 [INVALID_PROCESS_ATTACH_ATTEMPT]," the advisory said.
"This problem occurs because a coding error in the HTTP.sys file causes stack corruption," the advisory added. "This problem occurs if… TDI [transport driver interface] filter drivers are installed on your computer [and if] the installed TDI filter drivers return STATUS_PENDING to the TDI_SET_EVENT_HANDLER I/O request, so that the call is processed as an asynchronous APC."
TDI filter drivers are typically installed by antivirus or firewall programs, the software giant noted.
Meanwhile, a coding error in the Http.sys file may cause stack corruption when the TDI filter driver finishes processing the TDI_SET_EVENT_HANDLER I/O request asynchronously on a different thread, the advisory said, adding, "The stack for the original thread is overwritten when the I/O request is processed. This causes the stop error message."
Microsoft said the problem doesn't occur with the original released version of Windows XP or with Windows XP Service Pack 1.
A Microsoft spokeswoman noted that the company's primary method for distributing software updates to customers is through Windows Update. "This is why we encourage our customers to enable automatic updates within Windows, so that they can receive not just security updates, but also non-security related improvements or enhancements," she said.
Join the conversationComment
Share
Comments
Results
Contribute to the conversation