KB939373 Breaks IIS


I currently work in an environment where Windows XP is deployed across the organisation. Consequently, it is also the OS on which we write code. Today I booted my machine to find my IIS 5.0 web server was no longer functioning. When I attempted to fire up the service, I received a handy “The World Wide Web Publishing service terminated with the following error: The specified procedure could not be found”. Interesting…my box has been nice and stable for the last few months. What gives?

A quick google of the event id and error, I soon discovered that the KB939373 security update for Windows XP has been the cause of this behaviour for many others. Here is a description of the patch.

A security issue has been identified that could allow an attacker to remotely compromise your Windows based system using Internet Information Services (IIS) and gain control over it.

Removal of this patch restored full IIS functionality for my box. To uninstall, a script is neatly tucked away in C:\WINDOWS\$NtUninstallKB939373$\spuninst directory. Running this will reinstate the original dll’s that were badly patched.