Threat Level: green Handler on Duty: Russ McRee

SANS ISC: InfoSec Handlers Diary Blog - Patch Tuesday Fallout InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Patch Tuesday Fallout

Published: 2006-04-16
Last Updated: 2006-04-16 00:56:49 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)
Microsoft published a knowledge base article about issues with MS06-015. The two main culprits appear to be HP's "Share-to-Web" software and Kerio Personal Firewall.

In order to implement the MS06-015 fix, Microsoft created a special binary (VERCLSID.EXE) which will validate extensions before the windows shell or explorer is able to instantiate them. If VERCLSID.EXE fails to run, many functions are disructed (e.g. open files in applications using the 'File'->'Open' menu).

More stories about patch MS06-013 can be found in a recent Inforworld article. This patch was expected to cause issues due to the changes in ActiveX functionality. Again, see the respective Microsoft statement. Let us know if you experience any issues. So far, everything appears to center around 'Siebel 7'. Given the lack of outcries so far, I don't expect a lot of problems with other applications.

(Thanks to Susan and Juha-Matti for their contributions!)
Keywords:
0 comment(s)
Diary Archives