Microsoft Re-Engineers April’s Security Update
Well, it seems as though Microsoft isn’t completely out of the woods from the critically rated vulnerabilities that plagued its operating systems late last month. It appears that the remedy for these security holes wasn’t entirely without consequences. There were six scheduled update patches for April, three of which were critical and three that had less severe ratings. Microsoft did come out with the fix very quickly after learning about all of this, which blocked the security holes, but has affected a lot of popular software programs along the way.
It appears as though the Windows patch, MS06-015 , which was a patch that corrected, among other things, the way Internet Explorer handled specially crafted Web pages. This allowed an attacker to eventually take control of your machine. This patch, as well as, MS06-016, which was a less severe fix, has had a major effects on people using Outlook Express.
The patch, MS06-015, which is a very important update, doesn’t seem to play nice with some HP programs and device drivers such as HP cameras, printers and scanners. All of these devices can be adversely affected by this patch. The update specifically has a problem with the HP program, “Share to Web,” which HP doesn’t send out with their products anymore, but was very popular for a long time.
Another scenario deals with Nvidia graphics card drivers, which are very popular also among the list of affected devices. Nvidia graphics cards have very common hardware upgrades for home users and may even be your onboard graphics chipset.
Another affected program is the Sunbelt’s Kerio Personal firewall. The use of any of these programs can cause them to freeze or hang up when performing certain operations.
In addition to affecting the before mentioned applications the updates can also have an adverse effect on your special folders (i.e. My Documents, My Pictures or My Music). The patch may not allow users to open or save files to these folders. Third party applications trying to access or save data in these areas can hang up needing a restart, in order to get back to work.
Here’s a complete list of what to look for if you think that you may need the re-tooled Windows patch:
After you install security update 908531 (security bulletin MS06-015), you may experience one or more of the following problems:
- You cannot access special folders such as “My Documents” or “My Pictures.”
- Microsoft Office applications stop responding when you try to save or open Office files in the “My Documents” folder.
- Office files that are located in the “My Documents” folder cannot be opened.
- If you open a file by clicking Open on the File menu, the application stops responding.
- When you type an address in the Address box in Microsoft Internet Explorer, nothing happens.
- When you right click a file and then click Send To, nothing happens.
- When you expand a folder in Windows Explorer, nothing happens.
- Some third party applications stop responding when you open or save data in the “My Documents” folder.
In addition to this patch instability, there is also a problem with the update MS06-016 that was an update to help fix vulnerabilities with Outlook Express. This update can cause huge problems in OE, denying users the ability to use their address book at all. This vulnerability was reported to Microsoft by several upset Windows end users suspecting the patch for their inability to use their OE address book. The fix for both of these is supposed to by posted for by April 25, 2006.
Microsoft’s update fix will only be issued to those users who are having one of the before mentioned issues or users who have not yet downloaded the Windows April update.
Windows will be able to determine this by using their Windows genuine authentication service, which will tell them the status of your update and whether or not you need the patch fix.
If you would like to see if you need the patch fix, you can perform a manual update. To do this, simply make sure you’re connected online and then go to Start, All Programs, Windows Update and choose Custom when Microsoft is finished scanning your system. If there is anything in the critical category that your system needs, download and repeat until there is nothing left in the critical category. If you do that, you should be covered.
Until next week, stay safe out there.
~ Chad Stelnicki