May 29, 2003
Last month, on April 16, Microsoft released a patch for Windows XP to fix a buffer overrun in Windows Kernel Message handling. Within days, people started complaining that this particular patch slowed their systems to a crawl.
On the 25th of April, Microsoft announced that it had investigated the issue and confirmed that there could be a performance problem when the patch was applied to Windows XP Service Pack 1 systems.
This issue was subsequently resolved when Microsoft announced an updated version of the Windows XP patch on May 28th.
A day earlier, however, Microsoft pulled another update from the Windows Update site which it had released only days before. This update, called "L2TP/IPSec NAT-T Update for Windows XP and Windows 2000", includes improvements to IPSec to better support virtual private network (VPN) clients behind network address translation (NAT) devices by implementing NAT traversal (NAT-T) as specified by the Internet Engineering Task Force (IETF). The update also includes additional support for stronger IPSec protection by using the 2048-bit Diffie-Hellman algorithm (Group 14).
But Microsoft soon discovered that some of the 500,000 users who downloaded and installed the patch were prevented from connecting to the Internet, particularly those users running other firewall software on their systems.
According to Microsoft, they are working on an updated version (of the update)... Life would probably have been easier if it had been tested properly before release. I would argue that in the case of a security fix, extensive testing can't always be done, because the fix needs to be released as soon as possible, but this latest file was just an update to bring the way that Windows XP handles IPSec and the tunneling protocol into compliance with the Internet standard, so it should have been properly tested before its release.