MS06-015 (KB908531) heads up
Results 1 to 10 of 10

Thread: MS06-015 (KB908531) heads up

  1. #1
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786

    MS06-015 (KB908531) heads up

    if its not already to late

    seems one of the security patches from MS, the one in which a remote attacker can run arbitrary code and completely take over the computer (MS06-015 (KB908531)) has some serious falws. it is not compatable with many types of software including HP and NVIDIA and much more

    there is no one set of foulups this patch can create. ive lost two remote boxen that get and install their updates from micro softs site. fortunatly i wait a week before i approve updates on the sus serever in case i hear anything bad about them

    these 2 computers have has their resolution reduced to 460x380 making it impossibe to run some prepriatory software and just plane rediculas to run anything else. these setting cannot be changed any attempt to change them results in an immidiate BSoD. i heard of allot of problems with the office suite and HP equipment internet connectivity and much more caused by this patch although its said the 90% aren't affected adversly

    i f you havn't approved them DONT! wait for a corrected version. some people have reported these problem being fixed by removing the fix and making an addition to the registry but neither have worked for me
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  2. #2
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Funny I was at a site yesterday...and the screen resolution just went wonky so they called me...

    Intel Video chip set in a dell.

    They use PC anywhere...which I thought maybe the cause cause I have seen video issues with PCA before.
    ( 3rd party software insists they use pca)

    I had to remove the video driver, reboot and then add again.....

    seemed to work...no blue screens.

    Have seen updates blow out drivers before....so I wasnt too surprized

    I have a nvidia...no issues...so far???

    MLF

    EDIT

    Well I see why now...dont have that update.

    Thanks for the heads up...I think I need to tweak the ISA 2004 to allow windows updates.....may be a good thing I didnt get them yet...my machine BSODing right now would not be good...too fricken busy
    How people treat you is their karma- how you react is yours-Wayne Dyer

  3. #3
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    Just so happened one of our production boxes had a HP Scanjet hooked up to it so it started to develop problems right after the patch was installed, but I found this fix and it worked okay after that...

    http://support.microsoft.com/kb/918165
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  4. #4
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi Ted~

    Is there any sort of pattern as to the OS, SP, patch level, deployment/scenario?

    I have had it since the 12th. April with no problems (yet). Windows 2000 professional & XP Professional..............all at the latest patch level.

    No local reports from my "network" either?

    I have had trouble in the past with patches/updates that have not installed correctly. Belarc Advisor is a pretty useful tool for detecting that situation.

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  5. #5
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    FYI

    Well I just installed and reboot...

    And so far...so good.

    I have an NVidia Geforce FX 5500
    XP Pro SP2

    All updates

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  6. #6
    Junior Member
    Join Date
    Apr 2006
    Posts
    14

    MS06-015 (KB908531)

    Nice find.

    I ran across this late last week and early this week on mupltiple machines running windows 2000 /XP. I had looked for a fix but did not find anything (KB article dated Apirl 19). I ended up restoring system states on the affected boxes to get them to function properly.. Very Nasty issue. Thanks for the heads up and pointing me to that KB article.. Saved the day.. Seems to work find after reg changes.

  7. #7
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    Microsoft has revised the advisory for MS06-015.

    I've heard of issues with this security update. Does Microsoft plan to release a revised security update to address these issues?
    Microsoft has completed its initial investigation into issues involving old third party software that customers may have experienced after the installation of this security update. On Tuesday, April 25, Microsoft will issue a targeted re-release of the MS06-015 update.

    Note Customers who have already applied the MS06-015 update who are not experiencing the problem need take no action
    http://www.microsoft.com/technet/sec.../MS06-015.mspx

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  8. #8
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    Hi

    There is an update for this problem:

    As a result of ongoing problems with one of the software updates it released April 11, Microsoft has announced it will release an updated, out-of-cycle patch on April 25.
    Late Thursday a Microsoft spokesman said the company had completed its initial investigation into issues with MS06-015. According to published reports, after installing MS06-015 -- a critical update released on "Patch Tuesday" to fix a Windows Explorer remote code-execution vulnerability involving the way the program handles COM objects -- users of Hewlett-Packard Co. hardware and software experienced various problems, as did users of Sunbelt Software's Kerio Personal Firewall and various nVidia Corp. video cards.



    To address those issues, Microsoft will issue what it called "a targeted re-release" of the MS06-015 update. That means affected customers who have enabled automatic updates will receive the fix without taking any action. Those who aren't experiencing problems will not be affected and will not be compelled to install the new patch.
    In a posting to the Microsoft Security Response Center blog early Friday morning, program manager Stephen Toulouse said Microsoft had been advising customers to use one of several potential solutions: upgrade to the newest versions of the affected software, implement a manual Registry key fix, uninstall the third-party software or uninstall MS06-015.
    Instead, Toulouse said, the software giant decided the best course of action would be to re-engineer the update to avoid the conflict altogether.
    "What the new update essentially does is simply add the affected third-party software to an 'exception list,'" Toulouse said, "so that the problem does not occur. The revised update automates the manual Registry key fix."
    He also emphasized that the re-issued update will not cause any problems or force any action on the part of most organizations. "Windows Update, Microsoft Update, and Automatic Update will have detection logic built into them to only offer the revised update (which essentially includes the registry key fix) to those customers who either don't have MS06-015 or are having the problem," Toulouse said.
    Earlier in the week, Microsoft published a Knowledge Base article offering more detail on the third-party software issues. The vendor confirmed that Kerio Personal Firewall users and HP Share-to-Web users that are also using HP's PhotoSmart software, DeskJet printers with a card reader, certain scanners, cameras and CD/DVD-RW drives may experience the following issues:
    · The inability to access special folders like "My Documents" or "My Pictures."
    · Unresponsive Office applications when you attempt to save or open Office files in the "My Documents" folder.
    · The inability to open Office files in the "My Documents" folder.
    · Unresponsive programs after opening a file through an application's File / Open menu.
    · Typing an address into Internet Explorer's address bar has no effect.
    · Right-clicking on a file and selecting "Send To" has no effect.
    · Clicking on the plus (+) sign beside a folder in Windows Explorer has no effect.
    · Unresponsive third-party applications when opening or saving data in the "My Documents" folder.
    The problems are caused by a new binary, VERCLSID.EXE, which is installed along with MS06-015. The file validates shell extensions before they are instantiated by the Windows Shell or Windows Explorer, but on some computers it incites an unresponsive condition.
    MS06-015 was one of five new updates released April 11 as part of Microsoft's regularly scheduled monthly security update. The company released two other critical patches, one of which addressed the widely exploited createTextRange flaw in Internet Explorer and implemented some legally mandated changes in how its browser handles ActiveX controls. The other critical patch fixed a remote code execution vulnerability in the RDS.Dataspace ActiveX control that is distributed via Microsoft data access components (MDAC), a collection of components used to provide database connectivity on Windows platforms.

    Microsoft to force out of cycle patch repair
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  9. #9
    IT Specialist Ghost_25inf's Avatar
    Join Date
    Sep 2001
    Location
    Michigan
    Posts
    648
    I dont remember if this was the patch, but last week I posted a problem here where IE wouldnt automatically add http:\\ to the address bar when I typed in an address. also found that the patch had issues with the save as feature. found a solution on expert-exchange where I added a reg entery and the problem was fixed. Microsoft pushing out these patches too quickly without properly testing them. This is going to upset alot of people if this keeps hapening. Thanks for the update keeping my eyes open for any more problems.
    S25vd2xlZGdlIGlzIHBvd2VyIQ

  10. #10
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Lol you think this is bad? For the SECOND time, I've had to do a go back on my Laptop on the XP partition because after installing an update the box wouldn't boot up again. It would go to the Windows XP screen where the little bars scroll and sit there.

    Had to boot into safe mode and have it go back to a previous state AGAIN.

    I swear Microsoft patches do more damage than a hacker you're patching against could sometimes.
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •