Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
February 23, 2005
1 Min Read
It may not be the second Tuesday of the month -- Microsoft's normal day to release security bulletins and patches -- but the Redmond, Wash.-based developer has posted a critical fix to Windows XP Service Pack 2 (SP2) on its Windows Update site, and pushed it to users relying on Automatic Update.
The problem, which has actually been public since December 2004, also affects Windows Server 2003 and Windows XP Tablet PC Edition 2005. In some cases, installing third-party anti-virus or firewall software -- Microsoft didn't name makers or package titles -- can bring down the operating system in a Blue Screen of Death with a cryptic error that reads "Stop 0x05 (INVALID_PROCESS_ATTACH_ATTEMPT)."
Ironically, the last time a Blue Screen of Death made the news, Microsoft Chairman Bill Gates was on the stage at January's Consumer Electronics Show in Las Vegas, demonstrating Windows Media Center.
According to Microsoft's advisory, the problem's not really a vulnerability, but is due to "a coding error in the Http.sys file [that] causes stack corruption."
Unlike some other hot fixes, however, this one was quietly elevated Tuesday, and placed on the Windows Update service site and entered into Automatic Update, which automatically retrieves patches and installs them on Windows systems.
Although the alert got some attention last week on several security mailing lists, Microsoft held off on a general announcement until this week.
"It's surmised that this is because the patch is not exactly a security patch [but] instead was more of a hot fix for the stop condition/blue screen scenario, and is not covered by the standard security bulletins," said Joshua Wright of the Internet Storm Center.
You May Also Like