Security
April 18, 2006
Latest Microsoft Security Glitch Limited
By Ed Sutherland
UPDATED: Microsoft said a limited range of consumer software is to blame for its latest security update unintentionally backfiring on Office and IE users.
The update was among five the company released last week. Some analysts say the software giant's solution doesn't go far enough and is courting disaster.
Digital photography software from HP and a personal firewall from Sunbelt Software rejected a new file Microsoft introduced as part of a security fix for a flaw in Windows Explorer. The glitch causes Office to stop saving and opening files and prevents IE from visiting Web pages.
The problems reported appear limited to consumer-oriented software, Microsoft stresses on its security blog. MS06-015 included a new file, VERCLSID.EXE, which validates shell extensions before being used by Windows Explorer or Windows Shell.
A vulnerability in Windows Explorer, which Microsoft deemed "important," allowed remote attackers to convince the shell to start HTML applications, thereby gaining total system control. However, the solution seems to be creating problems for some applications.
In explaining the glitch, Microsoft said HP's Share-to-Web software causes VERCLSID.EXE to stop responding...
Internetnews.com - Update Glitch in Patch
April 18, 2006
Latest Microsoft Security Glitch Limited
By Ed Sutherland
UPDATED: Microsoft said a limited range of consumer software is to blame for its latest security update unintentionally backfiring on Office and IE users.
The update was among five the company released last week. Some analysts say the software giant's solution doesn't go far enough and is courting disaster.
Digital photography software from HP and a personal firewall from Sunbelt Software rejected a new file Microsoft introduced as part of a security fix for a flaw in Windows Explorer. The glitch causes Office to stop saving and opening files and prevents IE from visiting Web pages.
The problems reported appear limited to consumer-oriented software, Microsoft stresses on its security blog. MS06-015 included a new file, VERCLSID.EXE, which validates shell extensions before being used by Windows Explorer or Windows Shell.
A vulnerability in Windows Explorer, which Microsoft deemed "important," allowed remote attackers to convince the shell to start HTML applications, thereby gaining total system control. However, the solution seems to be creating problems for some applications.
In explaining the glitch, Microsoft said HP's Share-to-Web software causes VERCLSID.EXE to stop responding...
Internetnews.com - Update Glitch in Patch
:freak:
