Microsoft has taken the rather unusual step of pulling a security bulletin for Windows 2000 Server (issued last week) and telling users to use the mitigations and workarounds until the bulletin can be reissued next week.
MS10-025 was aimed at fixing a vulnerability in Windows Media Services running on Windows 2000 Server that could allow remote code execution if an intruder sent a specially crafted transport information packet to a system.
Jerry Bryant, Microsoft Response Communications group manager, said on the company’s Technet site: “Today we pulled the update because we found it does not address the underlying issue effectively. We are not aware of any active attacks seeking to exploit this issue and are targeting a re-release of the update for next week.
“Customers should review the bulletin for mitigations and workarounds and those with internet facing systems with Windows Media Services installed should evaluate and use firewall best practices to limit their overall exposure. We will continue to share updates here on the blog as available.”