Microsoft Thursday blamed human error for having to reissue a patch originally released last week to close a critical flaw in Windows and encouraged users of Windows XP SP2 and SP3 to install it promptly.
The company said patch MS08-030, issued on June 10, did not completely solve a vulnerability in Windows XP’s Bluetooth stack that could allow a hacker to execute code on the compromised machine. The same patch also covered Windows Vista, but Microsoft said the problem does not affect that version of the operating system.
“Microsoft security bulletin MS08-030 does not fully address the vulnerability discussed in the security bulletin for these versions [SP2, SP3],” Christopher Budd, security response communications lead for Microsoft said on the Microsoft Security Response Center blog.
Budd blamed the issue on “two separate human issues” and said Microsoft is investigating how the ineffective patch was eventually released. “When we’re done with our investigation, we’ll take steps to better prevent it in the future,” Budd said.Microsoft said the update is available through all the typical channels: Automatic Updates, Windows Update and Windows Server Update Services.
MS08-030 was part of Microsoft’s monthly release of security updates issued last week. The patches addressed 10 vulnerabilities.
The problems with MS08-030 are not the only issues spawned by the June 10 release. Microsoft last week confirmed that corporations using System Center Configuration Manager 2007 and System Management Server 2003 client software could not use patch distribution features to install the updates. The company issued a fix for that problem on June 17.