Information About Virus-Infected Hotfixes

Originally posted: April 25, 2001
Updated: April 27, 2001

Microsoft Product Support Services (PSS) recently discovered that several hotfixes released during the past two weeks were infected with a virus. Here are the most important facts regarding this issue.

  • The affected hotfixes were not accessible to the general public. We have identified the specific customers who downloaded them, and are in the process of contacting these customers and helping with remediation.

  • Only a limited number of hotfixes were infected, all of which were released during the past two weeks. No security patches were infected.

  • The specific virus is a known one that most commercial virus scanners will detect and remove.

The infection resulted because Microsoft's corporate standards regarding virus-scanning procedures were not followed on one of the servers used to prepare hotfixes. Through this oversight, several hotfixes became infected with a virus. Upon discovering the situation, PSS immediately launched an investigation to determine the scope of the problem and, on April 23, 2001, released an advisory providing preliminary information to the affected communities of users.

PSS has determined that the infected hotfixes were only available for download by Microsoft Premier Customers and Microsoft Gold Partners. No other customers were able to access these downloads. In addition, PSS has confirmed that no security patches were among the infected hotfixes. All of the infected hotfixes were released within the past two weeks.

The virus at issue here is the FunLove virus. While the virus is not destructive, it does degrade the performance of the operating system. In addition, because it can spread via network shares, it can be difficult to remove once ensconced in a network. The virus has been known since 1999, and all major anti-virus products can detect it.

PSS has identified the infected hotfixes and replaced them with virus-free versions. We also have determined which hotfixes were downloaded and by whom. Only a small number of customers downloaded the hotfixes, and PSS is in the process of contacting each of the affected customers to alert them to the issue and assist them in their response efforts.

Microsoft is taking immediate steps to ensure that all computers in our network, particularly those that could be used to transmit a virus to our customers, are fully compliant with our corporate anti-virus policies. We are very sorry the incident occurred, and will do our utmost to ensure that it does not happen again.