As a result of ongoing problems with one of the software updates it released April 11, Microsoft has announced it will release an updated, out-of-cycle patch on April 25.
Late Thursday a Microsoft spokesman said the company had completed its initial investigation into issues with MS06-015. According to published reports, after installing MS06-015 -- a critical update released on "Patch Tuesday" to fix a Windows Explorer remote code-execution vulnerability involving the way the program handles COM objects -- users of Hewlett-Packard Co. hardware and software experienced various problems, as did users of Sunbelt Software's Kerio Personal Firewall and various nVidia Corp. video cards.
To address those issues, Microsoft will issue what it called "a targeted re-release" of the MS06-015 update. That means affected customers who have enabled automatic updates will receive the fix without taking any action. Those who aren't experiencing problems will not be affected and will not be compelled to install the new patch.
In a posting to the Microsoft Security Response Center blog early Friday morning, program manager Stephen Toulouse said Microsoft had been advising customers to use one of several potential solutions: upgrade to the newest versions of the affected software, implement a manual Registry key fix, uninstall the third-party software or uninstall MS06-015.
Instead, Toulouse said, the software giant decided the best course of action would be to re-engineer the update to avoid the conflict altogether.
"What the new update essentially does is simply add the affected third-party software to an 'exception list,'" Toulouse said, "so that the problem does not occur. The revised update automates the manual Registry key fix."
He also emphasized that the re-issued update will not cause any problems or force any action on the part of most organizations. "Windows Update, Microsoft Update, and Automatic Update will have detection logic built into them to only offer the revised update (which essentially includes the registry key fix) to those customers who either don't have MS06-015 or are having the problem," Toulouse said.
Earlier in the week, Microsoft published a Knowledge Base article offering more detail on the third-party software issues. The vendor confirmed that Kerio Personal Firewall users and HP Share-to-Web users that are also using HP's PhotoSmart software, DeskJet printers with a card reader, certain scanners, cameras and CD/DVD-RW drives may experience the following issues:
· The inability to access special folders like "My Documents" or "My Pictures."
· Unresponsive Office applications when you attempt to save or open Office files in the "My Documents" folder.
· The inability to open Office files in the "My Documents" folder.
· Unresponsive programs after opening a file through an application's File / Open menu.
· Typing an address into Internet Explorer's address bar has no effect.
· Right-clicking on a file and selecting "Send To" has no effect.
· Clicking on the plus (+) sign beside a folder in Windows Explorer has no effect.
· Unresponsive third-party applications when opening or saving data in the "My Documents" folder.
The problems are caused by a new binary, VERCLSID.EXE, which is installed along with MS06-015. The file validates shell extensions before they are instantiated by the Windows Shell or Windows Explorer, but on some computers it incites an unresponsive condition.
MS06-015 was one of five new updates released April 11 as part of Microsoft's regularly scheduled monthly security update. The company released two other critical patches, one of which addressed the widely exploited createTextRange flaw in Internet Explorer and implemented some legally mandated changes in how its browser handles ActiveX controls. The other critical patch fixed a remote code execution vulnerability in the RDS.Dataspace ActiveX control that is distributed via Microsoft data access components (MDAC), a collection of components used to provide database connectivity on Windows platforms.