Update: Microsoft fixing patch that can slow Windows XP

Microsoft is revising a security patch for Windows XP systems with Service Pack 1 installed after customers complained that installing the patch slowed their systems down to a crawl.

Microsoft is working on a revised patch for Windows XP Service Pack 1 and will re-issue that patch when it has been completed and fully tested, the Redmond, Wash., software maker said in a revised version of its security bulletin MS03-013 posted late Wednesday. (http://www.microsoft.com/technet/security/bulletin/MS03-013.asp)

Originally released on April 16, the security bulletin addressed a buffer overrun vulnerability in the Windows kernel, which manages core services for the operating system such as allocating processor time and memory, as well as error handling.

A flaw in the way the kernel passes error messages to a debugger could enable a malicious hacker to take any action on a vulnerable system such as deleting data, reconfiguring the device or modifying user accounts and privileges, Microsoft said in its advisory.

Soon after the patch was released, however, Windows XP users began complaining in online forums of performance problems that appeared after the patch was applied.

Users reported that Windows XP can take up to 10 seconds or even more to start an application after installation of the patch. Removing the patch brings system speed back to normal, Windows XP users wrote in dozens of postings on several online discussion boards.

The company received a "small number" of complaints resulting from "special situations" involving the interaction of XP Service Pack 1 and third party applications following the patch, according to Stephen Toulouse, security program manager at Microsoft's Security Response Center.

Some users experiencing the problem did not even think a patch could be to blame.

"I first blamed my VirusScan, since I had a problem several years ago when VirusScan would run away with my CPU and hog all of the cycles," a high-tech corporate communications consultant in Oakland, Calif., who asked not to be named, wrote in an e-mail to the IDG News Service. "I had not even considered going to Microsoft tech support."

"I've never called Microsoft. Also, I thought maybe some virus was causing it.  So I ran the antivirus software I have.  I thought maybe that would take care of it," wrote Sandra D., an aspiring author who uses a PC at her home in Pennsylvania.

Other users with systems suddenly moving at sluggish speed complained that the phone number for Microsoft's help line is hard to find or costs too much.

"I attempted to contact the Microsoft help desk, but when I found there was a substantial fee involved, I declined to do it. Also, because my purchase of Windows XP Professional was made as part of a Dell hardware purchase, the Microsoft Web site said I should contact Dell tech support. I did contact Dell, but they said they could not be responsible for this particular problem because it is a Microsoft problem," wrote one reader who heads up a technology management consultancy near Salt Lake City.