SAN FRANCISCO -- Microsoft's latest security patch can cause computers running Windows XP to slow down to a crawl, affected users say.
Windows XP can take up to 10 seconds to start an application after installation of the patch released last Wednesday with security bulletin MS03-013, users wrote in dozens of postings on several online discussion boards. Removing the patch brings system speed back to normal, according to these users.
Microsoft is aware of the issue and is investigating it, Stephen Toulouse, a security program manager with Microsoft's security response center in Redmond, Washington, said.
"We have been made aware of some isolated cases of customers experiencing performance issues after applying the patch," he said. Microsoft is going by the online reports, he said. No customers have called Microsoft's helpdesk with the problem, according to Toulouse.
The patch, which Microsoft calls the Q811493 hotfix, was distributed via Microsoft's security Web site and the automatic Windows Update service. It fixes a security flaw in the Windows kernel, the core of the Windows operating system. The vulnerability is rated "important" by Microsoft, one notch below the highest level on the vendor's severity rating scheme.
The flaw allows an attacker to raise his privilege level on a vulnerable system. However, to exploit the flaw an attacker needs to be able to log on to a system, either at the computer or via a terminal connection, mitigating the risk.
Users advising other users online suggest home users experiencing system slowdowns remove the patch as corporate environments with terminal servers and client systems accessed by multiple users are most at risk. Microsoft, however, urges all customers to apply the patch and call the Microsoft helpdesk if there are any performance issues afterward, Toulouse said.
Microsoft security bulletin MS03-013 can be found at: http://www.microsoft.com/technet/security/bulletin/MS03-013.asp