• April 23, 2003 •
Microsoft Kernel Patch Slowing Down Windows XP Systems
By: Arie Slob
Microsoft is said to be looking into problems that some people have reported after installing a security patch that was issued last week. The patch - which was designed to stave off a buffer overrun that could allow attackers to elevate privilege permissions on users' machines - ended up slowing some users' systems to a crawl.
It seems that disabling your antivirus auto protect feature fixes the problem, but this work-around means that you patch one hole (the kernel) and opening up another (no auto-protect AV scanning). People have reported that this happens with Norton, McAfee and EZtrust Antivirus.
|
On May 28, 2003, Microsoft advised its customers on the availability of an updated Windows XP Service Pack 1 "811493" patch. This revised patch corrects the performance issues that some customers experienced with the original Windows XP Service Pack 1 patch.
|
If you are having slowdown problems, you can also remove the patch for now, it is listed in Add or Remove Programs and called Windows XP Hotfix (SP2) Q811493. Hopefully Microsoft will fix the patch sooner rather than later. When you remove the 811493 patch, you could be prompted that the removal will cause the 814995 patch not to function, this is a flase "alarm", just uninstall 811493.
In some cases the patch will not be listed under Add or Remove Programs. In that case, system administrators can use the Spunist.exe utility to remove this patch. Spuninst.exe is in the %Windir%\$NTUninstallQ811493$\Spuninst folder, and it supports the following Setup switches:
- /?: Display the list of installation switches.
- /u: Use unattended mode.
- /f: Force other programs to quit when the computer shuts down.
- /z: Do not restart when installation is complete.
- /q: Use Quiet mode (no user interaction).
Lets hope that Microsoft gets this patch fixed ASAP.
OK, some more information. It seems that quite a number of people are having problems with this update. I've seen reports from some computer shops indicating that 40-60 percent of their users are having severe slowdown problems.
I've had a report from the InfiniSource CEO who wasn't able to reboot his system after installing the patch, it would just hang on the black screen you normally get before the XP flag appears.
Now, I read over the security bulletin again concerning the 811493 patch, and although listed as Important, it is not critical. You see (according to the bulletin) "For an attack to be successful, an attacker would need to be able to logon interactively to the system, either at the console or through a terminal session. Also, a successful attack would require the introduction of code in order to exploit this vulnerability. Because best practices recommends restricting the ability to logon interactively on servers, this issue most directly affects client systems and terminal servers".
This means that for the average home user, this patch isn't really required. So at this point I'd suggest you do not install this patch.
Latest Info from Microsoft: Microsoft originally issued this patch on April 16, 2003. Subsequent to that date, Microsoft has received reports of performance problems with the patch from some Windows XP customers. Microsoft has investigated this issue and confirmed that there can be performance problems when the patch is applied to Windows XP Service Pack 1 systems. Microsoft is actively working on a revised patch for Windows XP Service Pack 1 and will re-issue that patch when it has been completed and fully tested. The existing Windows XP SP1 patch does address the security vulnerability.
Give your comments on this article.