As a result of ongoing problems with one of the software updates it released April 11, Microsoft has announced...
it will release an updated, out-of-cycle patch on April 25.
Late Thursday a Microsoft spokesman said the company had completed its initial investigation into issues with MS06-015. According to published reports, after installing MS06-015 -- a critical update released on "Patch Tuesday" to fix a Windows Explorer remote code-execution vulnerability involving the way the program handles COM objects -- users of Hewlett-Packard Co. hardware and software experienced various problems, as did users of Sunbelt Software's Kerio Personal Firewall and various nVidia Corp. video cards.
In a posting to the Microsoft Security Response Center blog early Friday morning, program manager Stephen Toulouse said Microsoft had been advising customers to use one of several potential solutions: upgrade to the newest versions of the affected software, implement a manual Registry key fix, uninstall the third-party software or uninstall MS06-015.
Instead, Toulouse said, the software giant decided the best course of action would be to re-engineer the update to avoid the conflict altogether.
"What the new update essentially does is simply add the affected third-party software to an 'exception list,'" Toulouse said, "so that the problem does not occur. The revised update automates the manual Registry key fix."
He also emphasized that the re-issued update will not cause any problems or force any action on the part of most organizations. "Windows Update, Microsoft Update, and Automatic Update will have detection logic built into them to only offer the revised update (which essentially includes the registry key fix) to those customers who either don't have MS06-015 or are having the problem," Toulouse said.
Earlier in the week, Microsoft published a Knowledge Base article offering more detail on the third-party software issues. The vendor confirmed that Kerio Personal Firewall users and HP Share-to-Web users that are also using HP's PhotoSmart software, DeskJet printers with a card reader, certain scanners, cameras and CD/DVD-RW drives may experience the following issues:
The problems are caused by a new binary, VERCLSID.EXE, which is installed along with MS06-015. The file validates shell extensions before they are instantiated by the Windows Shell or Windows Explorer, but on some computers it incites an unresponsive condition.
MS06-015 was one of five new updates released April 11 as part of Microsoft's regularly scheduled monthly security update. The company released two other critical patches, one of which addressed the widely exploited createTextRange flaw in Internet Explorer and implemented some legally mandated changes in how its browser handles ActiveX controls. The other critical patch fixed a remote code execution vulnerability in the RDS.Dataspace ActiveX control that is distributed via Microsoft data access components (MDAC), a collection of components used to provide database connectivity on Windows platforms.