close

Privacy guaranteed - Your email is not shared with anyone.

Microsoft Patch Causing Lockups, Crashes

Discussion in 'Tech Talk' started by Washington D.C., Apr 17, 2006.

  1. Washington D.C.

    Washington D.C.

    Joined:
    Oct 13, 2003
    Messages:
    5,218
    Likes Received:
    1
    Location:
    Woestyn Kusdorp
    http://news.yahoo.com/s/cmp/20060415/tc_cmp/185302896








    Fri Apr 14, 2:06 PM ET

    One Microsoft security patch released this week is causing Internet Explorer lock-ups, Windows hangs and system crashes for some IT administrators and partners.


    MS06-015 is one of five patches Microsoft released Tuesday to correct, among other things, a "critical" Windows Explorer vulnerability that hackers could use to execute code remotely.

    But that security patch contains a new file — named Verclsid.exe — that conflicts with Hewlett-Packard printers, scanners and cameras, one Microsoft security official acknowledged on Microsoft's online technical support site.

    "We've determined that the majority of the issues people are having with MS06-015/KB908531 are due to a bad interaction between the security update and a software component included with various HP hardware devices, including but not limited to printers, scanners, and cameras," wrote Steven Hui, a Microsoft spokesperson on TechNet who fielded questions Thursday from numerous irritated customers and IT administrators on its online technical help site.

    A myriad of users flocked to Microsoft's online technical support site for help late this week claiming to numerous problems including systems IE lock-ups that occurred after installing the MS06-015 patch. The issues did not clear up even after reboot, some said.

    Some claimed the issues were not isolated to systems connected to HP hardware.

    In many cases, the problem required users and partners to uninstall the patch or perform system restores to get systems back up and running.

    "Customers are reporting IE stops working and numerous instances of verclsid.exe show up,'" said Brian Bergin, president of Terabyte Computers. "To fix yet another security issue with IE, [Microsoft] has verclsid.exe they've introduced but obviously didn't test."

    "If you right click on the desktop now it freezes," said another source who asked not to be named.

    Microsoft's Hui recommended customers modify the registry or shut down the hardware process to avoid the conflict, but later noted that the second option would only work for users currently logged-in.

    It remains unclear how widespread the problem is for business users and consumers that downloaded the security update.

    At least four Microsoft solution providers contacted by CRN could not identify any problems in their user bases. One security ISV close to Microsoft speculated that the problems may be traced back to the non-security changes made to the ActiveX controls in the IE cumulative patch [MS06-013] but he could not confirm that.

    Microsoft did not comment on this story as of press time. As the software giant investigates the problem, however, some customers have taken Microsoft's initial advice or came up with their own workarounds.

    On the TechNet Web site, for example, one user suggested simply renaming the "verclsid.exe" file to another name before installation to prevent problems.

    Microsoft said the Verclsid.exe file in MS06-015 is used to verify a COM object before it is instantiated by Windows Explorer. The security patch is for
    Windows 2000 SP4,
    Windows XP, Windows Server 2003.

    Yet another user suggested turning off all processes using the Windows Task Manager or the auto-update (AU) process altogether and wait a week before installing patches.

    Microsoft disagreed with that solution and said it is important to re-install MS06-015 because it fixes a critical security vulnerability and pointed out that disabling Auto Update leaves computers unprotected.

    One solution provider said he is following that advice but noted that some customers are thinking about shutting off Microsoft's Auto Update feature to prevent downloading security patches that disable their systems.

    "We're recommending they leave AU enabled but they're understandably frustrated. For some customers this is the second time in the past year an update from Microsoft has left them unable to work," said Terabyte's Bergin. "Some have said they're done with auto updates and want it disabled to let others to beta test Microsoft fixes before they install them.
     
  2. David N.

    David N.

    Joined:
    Feb 13, 2002
    Messages:
    328
    Likes Received:
    0
    Location:
    Kentucky
    Well, you gotta admit, if the computer crashes, no hackers are going to be exploiting it. Guess the patch does "fix" the vulnerability.
     

  3. hankhan

    hankhan Guest

    Give Mr. Poopta Goopta a call at Microsoft, he's in Bangalore and waiting for you to call - be sure to report back here on what he says.
     
  4. fastlane

    fastlane

    Joined:
    Oct 17, 2002
    Messages:
    17
    Likes Received:
    0
    Location:
    Ohio
    I'm the IT manager for ThinkTV, this update has caused two computer sytems to crash. They both were using Windows XP Prof. and using HP color printers. Beware of this last critical update.
     
  5. Blitzer

    Blitzer Cool Cat

    Joined:
    Jan 15, 2004
    Messages:
    12,111
    Likes Received:
    2
    Location:
    The communist's play ground of OHIO
    Security

    April 18, 2006
    Latest Microsoft Security Glitch Limited
    By Ed Sutherland

    UPDATED: Microsoft said a limited range of consumer software is to blame for its latest security update unintentionally backfiring on Office and IE users.

    The update was among five the company released last week. Some analysts say the software giant's solution doesn't go far enough and is courting disaster.

    Digital photography software from HP and a personal firewall from Sunbelt Software rejected a new file Microsoft introduced as part of a security fix for a flaw in Windows Explorer. The glitch causes Office to stop saving and opening files and prevents IE from visiting Web pages.

    The problems reported appear limited to consumer-oriented software, Microsoft stresses on its security blog. MS06-015 included a new file, VERCLSID.EXE, which validates shell extensions before being used by Windows Explorer or Windows Shell.

    A vulnerability in Windows Explorer, which Microsoft deemed "important," allowed remote attackers to convince the shell to start HTML applications, thereby gaining total system control. However, the solution seems to be creating problems for some applications.

    In explaining the glitch, Microsoft said HP's Share-to-Web software causes VERCLSID.EXE to stop responding...



    Internetnews.com - Update Glitch in Patch
     
  6. Wingnut357

    Wingnut357 Killer Casual

    Joined:
    Dec 13, 2004
    Messages:
    122
    Likes Received:
    0
    Location:
    Miami
    They're a forward thinking bunch.
     
  7. Blitzer

    Blitzer Cool Cat

    Joined:
    Jan 15, 2004
    Messages:
    12,111
    Likes Received:
    2
    Location:
    The communist's play ground of OHIO
    Like a cromag would be. :alien: :freak:

    I formated my laptop and reloaded Win2K. I now have the list of updates displayed on my screen. As of today, May 25th 2006, the patch has been withdrawn from the crutical updates list.