Microsoft has pulled a security patch for Windows NT 4.0 because installing it can cause the operating system to crash.
The patch, released on December 11 last year, is to fix a privilege elevation vulnerability deemed "important" by Microsoft. A malicious user could gain administrative privileges on a system by exploiting a flaw in the WM_TIMER Windows function, Microsoft said in security bulletin MS02-071. (http://www.microsoft.com/technet/security/bulletin/MS02-071.asp)
However, some system administrators were confronted with random crashes and reboots on their NT 4.0 systems after installing the patch. The problem was solved by removing the patch, according to postings about the issue in online discussion groups.
One user had complained of trouble using Windows NT 4.0 Terminal Server. When a user was signed off using Terminal Server Administrator, their processes showed as still running. This was also resolved by removing the security patch.
Systems programmer at First Federal Bank in Charleston, South Carolina, Regina Baker, stopped rolling out the patch after installing it on six machines.
"I quit installing after that," Baker said. "They started getting the blue screen of death. This would happen randomly, it didn't matter what application they were using."
Baker contacted Microsoft via its Web site, but "never heard anything back." She then searched the Web and found other users having the same trouble. They had also narrowed it down to the specific patch.
"After I removed the patch, we stopped having the problem," Baker said.
Microsoft said it was investigating the issue and would release an updated patch shortly.
There were no problems with the patches for Windows 2000 and Windows XP, also affected by the vulnerability detailed in the bulletin, Microsoft said.