Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC: Possible Patch Problems SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Possible Patch Problems
We have had a report of problems with MS05-051.  Here is what we have received.  If anyone else is experiencing problems, please let us know.

A number of people have reported weird problems with one of the MS patches released yesterday, specifically MS05-051 Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400).

Symptoms include, but are not limited to:

- Inability to visit Windows Update
- Inablility to use the Search tool off the Start Menu
- blank screen (no icons) upon login
- Symantec LiveUpdate stops working
- SpySweeper stops working
- problems with Office apps
- VirtualPC becomes extremely sluggish

Lee said he had spoken to a Microsoft engineer about this.  From what he could tell:

"this issue is only affecting people with very specific NTFS permissions. If the C:WinntRegistration folder is locked down and cannot be written to by COM+ you will have errors similar to those listed in your alert. All of those tasks use COM+ in one way or another."

Another perspective from Microsoft:

'The solution will be available at,
and will be linked to from the MS05-051 bulletin - hopefully within the
hour.  Feel free to communicate the cacls solution to anyone you come across
until then. This is not a "known issue" or "problem" with the patch, but a
"complexity with the increased security provided by the patch when running
on systems where settings have been incorrectly changed from the default

Uninstalling patch 902400 seems to do the trick for most folks.  You may need to check the "Show Updates" box under Add/Remove Programs to see the hotfixes.  The better answer is calling Microsoft directly; this should be a free call if the issue is problems with a patch.  The US number is 866-727-2338.  Outside of the US, see .


165 Posts
ISC Handler
Oct 14th 2005

Sign Up for Free or Log In to start participating in the conversation!