Original URL: http://www.theregister.co.uk/2010/04/22/ms_patch_withdrawn/

MS withdraws ineffective security update

The patch that failed

By John Leyden

Posted in Security, 22nd April 2010 15:51 GMT

Microsoft has withdrawn an update for Windows Server because the patch, issued eight days ago, does not treat the root cause of the problem it was meant to fix.

MS10-025 was designed to address a flaw specific to Windows 2000 Server installations also running Windows Media Services.

The bug was critical for affected users, who are now advised by Microsoft to relying on previously published mitigations against attack while they wait for an effective patch, promised for next week. Redmond assured users that the bug is not being actively exploitated by hackers.

Microsoft's explanation for withdrawing the update can be found on its Security Response blog here. A brief note on the issue from the Internet Storm Centre is here. ®