Patch/Configuration Management, Vulnerability Management

Microsoft releases a non-security security update

Information security oxymoron alert: Microsoft on Tuesday released a non-security-related security bulletin to fix Windows Update issues.

The fix addresses an issue forcing PCs to become unresponsive when Microsoft Update or Windows Update performs scans prior to downloads, according to Microsoft.

Christopher Budd, Microsoft security program manager, said Tuesday on the Microsoft Security Response Center Blog that PC users should have no problem downloading the bulletin even if they’re experiencing update issues.

"I want to note that this update will install correctly even if you’re experiencing this issue," he said. "However, this issue may prevent you from installing other updates (including security updates) until you apply this new update, so we encourage customers to apply this right away."

Users experiencing issues with Windows Update or Microsoft Update may experience access violation errors in svchost.exe, memory leaks while scanning for updates and lengthy scanning times, sometimes taking hours to complete.

The errors have occurred in Windows 2000 with Service Pack 4, Windows XP with Service Pack 2, XP Professional x64 edition with and without Service Pack 2 installed, Windows Server 2003 with Service Pack 1 and Service Pack 2 and Windows Server 2003 x64 Edition with Service Pack 1 and Service Pack 2.

The Redmond, Wash.-based software giant announced in an advisory that while the updates are not traditional security bulletins, they do affect product security.

"Security advisories address security changes that may not require a security bulletin but may still affect customer’s overall security," according to Microsoft’s latest security advisory.

Microsoft this week also announced the availability of two features designed to improve Microsoft Office security.

The features allow administrators to restrict the opening or saving of Microsoft Office 2003 and 2007 files, and contain security mitigation techniques for the conversion of Office file types.

"Taken together, both of these are designed to make it easier for customers to protect themselves from Microsoft Office files that may contain malicious software, such as unsolicited Microsoft Office files received from unknown or known sources," said Budd.


Get more IT security news. Click here for SC Magazine Blogs.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.