Microsoft's latest security patch can cause computers running Windows XP to slow down to a crawl, affected users say.
Windows XP can take up to 10 seconds to start an application after installation of the patch released last Wednesday with security bulletin MS03-013, users wrote in dozens of postings on several online discussion boards. Removing the patch brings system speed back to normal, according to these users.
Microsoft was aware of the issue and was investigating it, a security program manager with Microsoft's security response center, Stephen Toulouse, said.
"We have been made aware of some isolated cases of customers experiencing performance issues after applying the patch," he said.
Microsoft was going by the online reports but no customers had called Microsoft's helpdesk with the problem, Toulouse said.
The patch, that Microsoft calls the Q811493 hotfix, was distributed via Microsoft's security Web site and the automatic Windows Update service. It fixes a security flaw in the Windows kernel, the core of the Windows operating system. The vulnerability is rated "important" by Microsoft, one notch below the highest level on the vendor's severity rating scheme.
The flaw allows an attacker to raise his privilege level on a vulnerable system. However, to exploit the flaw an attacker needs to be able to log on to a system, either at the computer or via a terminal connection, mitigating the risk.
Users advising other users online suggest home users experiencing system slowdowns remove the patch as corporate environments with terminal servers and client systems accessed by multiple users are most at risk.
Microsoft, however, urged all customers to apply the patch and call the Microsoft helpdesk if there were any performance issues afterward, Toulouse said.