Some third-party applications are encountering problems introduced by the cumulative Windows 2000 Update Rollup that Microsoft introduced in late June.

There have been reports of problems with Sophos, Panda, RealSecure and BlackICE security products among some Windows 2000 users. And there also have been reports of compatibility problems between the rollup and Citrix Systems' MetaFrame product, for which Citrix recently introduced hot fixes.

Windows 2000 is still the operating system of choice for a number of businesses, especially those in the small and midsize business (SMB) space, according to industry watchers. Microsoft ended mainstream support for Windows 2000 client and server on June 30. Right before cutting the non-paid support cord, Microsoft issued the Windows 2000 rollup of more than 50 patches and fixes, in lieu of a Service Pack 5 update.

The compatibility issues are affecting not only users Windows 2000 users who applied the rollup. They also are affecting some users who applied a June patch (MS05-019) issued by Microsoft that was designed to address potential TCP/IP remote-code execution hole in a number of versions of Windows.

According to a Knowledge Base article on the Microsoft Web site, some security problems "cannot detect the changes that are made to the TCP/IP protocol by the revised MS05-019 security update or by the Update Rollup 1 for Windows 2000 SP4."

The result? Some products, such as certain RealSecure and BlackICE products "stop running and the increased protection provided by these products is disabled," the article says.

Sophos seniors security analyst Gregg Mastoras confirmed to Microsoft Watch that the company's anti-virus software has encountered a problem with the Microsoft rollup. He said Sophos is working on an updated version of its software, which should be available in the next week or two, that will eliminate any conflicts for Windows 2000 users.

"In regards to Sophos, we have only received one support request and we cannot reproduce the issue in our labs. If we can, we will produce a hotfix as soon as possible," said Peter Houston, senior director of servicing strategy with Microsoft.

Houston added that "We haven't heard about any Panda issues through our normal support channels, but will continue to monitor the situation."

According to a posting on the SANS Internet Storm Center forums, "a reader reported that "...After applying the patches, some components (either the firewall or protection against unknown threats) on Panda Platinum 2005 Internet Security (9.02.01) stopped working. This happened on my Win2000 laptop (fully patched) and on several WinXP Pro boxes. The solution was to completely uninstall Panda & then re-install it."

Panda did not respond to a request for additional information on problems between the Windows 2000 rollup and its anti-virus software.

Citrix, for its part, acknowledged problems it had with the Windows 2000 rollup via a Knowledge Base article posted to its site.

"We did have a problem where after applying the Microsoft security rollup," said Arnold Erazo-Sr. Manager, Technical Support, Offline Support Team and Tech Lead Manager: "Connections would appear to be in a hung state. This was due to winlogon.exe consuming high CPU usage. This issue has been resolved for both the MetaFrame XP and MetaFrame Presentation Server 3.0 platforms" via patches Citrix made available as hot fixes, he said.

In its TechNet Flash newsletter, issued on July 20, Microsoft officials also noted that there are some "complexities introduced by the recently released Update Rollup 1 for Windows 2000 Service Pack 4."

According to the newsletter, Microsoft's Security Bulletin Search Tool does not provide quick-and-easy answers to every possible question, such as, 'If I have a Windows 2000 SP4 system with the Update Rollup installed, which security updates do I need to bring the OS up to date?' Such answers have been a bit tricky to determine for each of the rollups the Windows team has released. There are a few reasons why this is currently true, but the main reason is to avoid potential bulletin search results in which security updates might not be reported to customers who need them."

Microsoft is suggesting those hamstrung by the complexities try using the Microsoft Baseline Security Analyzer (MBSA) 2.0 "on each of the customer computers to determine quickly what each one needs. Another option is to refer to Microsoft.

Users also might opt to refer to Knowledge Base article 891861, which lists all security-related updates produced for Windows 2000 between the release of Windows 2000 SP4 and April 30, 2005.

"You should expect that everything from that point forward will be needed," the TechNet Flash update advised.