Microsoft announced it has created a hotfix that patches a bug in one of the dozen August security updates which could corrupt users' data. Customers must contact Microsoft to get the hotfix.
The MS06-049 update, which was released Aug. 8 to correct a flaw in the Windows 2000 kernel, can ruin data on NTFS formatted drives when the PC is using Windows' own file compression. Files larger than 4K that are either created or back up can be corrupted, and become unreadable.
Microsoft issued a hotfix, but has not made it available to the general public. Instead, as is its practice with hotfixes, Microsoft requires users who want the patch to call the company.
It also downplayed the severity of the issue and suggested a workaround. "Since MS06-049 addressed a security issue on Windows 2000 only, no other platforms are affected by the NTFS compression issue," said Adrian Stone, a program manager at the Microsoft Security Response Center (MSRC), in a blog entry. "In the short term you can disable NTFS compression and the data integrity will not be affected and your system will still remain protected from the vulnerability," Stone wrote late Friday.
An update to MS06-049 is in progress, Stone added, and will be released as soon as it's ready. It would be the third of the 12 August updates to be revised; MS06-040 and MS06-042 have been reissued already, with the latter being posted three different times to fix flaws Internet Explorer.
Microsoft detailed the data corruption problem in this support document.