Some users have reported that Microsoft’s critical security patches from last week are causing problems.

In particular, the patch issued to fix a critical hole in Windows 2000 (MS05-051) has seen the Sans Institute’s Internet Storm Center (ISC) receive more than two dozen reports of compatibility issues, its CTO, Johannes Ullrich, has said.

Problems include an inability to use the Search tool in the operating system’s Start menu, a blank screen upon login to the Windows Update site and disruption of Symantec’s LiveUpdate virus-updating tool and the SpySweeper anti-spyware product from Webroot.

“These are the sort of problems that we typically see when patches don’t co-operate well with various third-party software and some of the less-used functions of Windows,” Ullrich said. “At this point, the problems with Symantec LiveUpdate and SpySweeper are the most severe.”

Ullrich added that the problems reported so far appear to be “very user-dependent”, with no clear indication why some are reporting problems while others aren’t. The size and complexity of this month’s patches – nine, fixing a total of 14 problems – could be one reason for the problems, Ullrich said.

Microsoft said it is aware of reports of “isolated deployment issues with security update MS05-051”, adding that it is working “with the limited amount of customers affected” to help resolve the issue. The company has posted a Knowledgebase article online with more information about the issue.

A Symantec spokesman said his company is aware of the reports and is trying to replicate the problems. “We have not been able to replicate any of the problems up to this point,” he said. “We have not seen any problems up to now that point to this patch.”

Reports of the patch problems come amid growing concerns of a worm outbreak targeted at the MSDTC and COM+ vulnerabilities. Fuelling those concerns was the development of an exploit earlier this week that takes advantage of both the flaws.

In addition, there has been a significant increase in computer scanning activity – apparently by hackers looking for targets to attack once an exploit becomes widely available, Ullrich said. “If you run Windows 2000, you should be very concerned,” he said.