Microsoft: Another patch comes unstuck

Microsoft on Thursday issued a "hotfix" for a fault in a security patch designed to correct a flaw already being targeted by worms.

The company is making the hotfix, or repair code targeted to a specific issue, available upon request, according to a posting on its website. The fix addresses the problem of programs failing if they request one gigabyte or more of information on a patched system.

Computers running x64-based versions of Microsoft Windows Server 2003, along with Service Pack 1 and Windows XP Professional x64 Edition, are affected, if the MS06-040 update has been installed. Only 32-bit programs can encounter problems, Microsoft said.

The software behemoth said Microsoft Business Solutions Navision 3.7, for example, may fail under such conditions.

MS06-040 was part of a dozen security patches Microsoft released earlier this month as part of its monthly patch cycle. The patch, which Microsoft had rated "critical", was designed to prevent attackers from exploiting a vulnerability that could allow a remote code execution.

Users were urged to install MS06-040 as soon as possible, given that worms were already trying to take advantage of the vulnerability, according to a posting on the Sans Internet Storm Center.

MS06-040 was not the only problematic patch in the August update. MS06-042 also created problems for users who installed the critical patch. In that case, Microsoft's Internet Explorer browser could crash when various websites were viewed. The company has said it plans to rerelease the MS06-042 bulletin and patch on 22 August.

Dawn Kawamoto writes for CNET News.com