Microsoft skipped patching one of the vulnerabilities addressed in its monthly security update, saying that crafting a fix was “infeasible,” left the Windows 2000 Server SP4 users vulnerable to attack. Microsoft delivered five critical updates that patched eight vulnerabilities in Windows, including one that the company won’t bother fixing in Windows 2000 Server SP4. The operating system’s support doesn’t end until July 2010; until then, Microsoft was supposed to provide updates. “That’s really strange,” said Jason Miller, Security and Data Team Manager, Shavlik Technologies. “I haven’t seen them do this before.” In the MS09-048 bulletin, Microsoft spelled out why it’s not fixing the flaw in Windows 2000 SP4.