Microsoft to Reissue Problem Patch to Fix Lockup Glitches
Modernizing Authentication — What It Takes to Transform Secure Access
For some Windows users, there will be two Patch Tuesdays in April.
The Redmond, Wash. software maker plans to rerelease the problematic MS06-015 update on April 25 to correct an issue that has caused system hangs, Windows crashes and the appearance of strange dialog boxes after the original patch was installed.
"[We have] re-engineered the MS06-015 update to avoid the conflict altogether," said Stephen Toulouse, program manager in the Microsoft Security Response Center.
The company's plan is to target the rerelease only to Windows users who are affected. In a blog entry, Toulouse said the company's patch deployment technologies will have "detection logic" built into them to only offer the revised update to customers who don't have MS06-015 or are having the problem.
The glitches, which Microsoft claims affect only a tiny fraction of the 120 million installations of the patch, stem from a new binary called VERCLSID.EXE that validates shell extensions before they are instantiated by the Windows Shell or Windows Explorer. On systems running Hewlett-Packard's Share-to-Web software, Sunbelt's Kerio Personal Firewall and some NVIDIA Drivers, users complained that the new binary stopped responding.
This caused some applications to hang when conducting certain operations, like opening a file from the "File open" dialog in an application. Windows users deploying the critical MS06-015 update have also complained about problems accessing special folders like "My Documents" or "My Pictures."
In addition, the update is causing Microsoft Office applications to stop responding when Office files are saved or opened in the "My Documents" folder, system freezes when opening a file through an application's file/open menu, and lockups when typing a URL into IE.
"What the new [re-engineered] update essentially does is simply add the affected third-party software to an 'exception list' so that the problem does not occur. The revised update automates the manual registry key fix," Toulouse explained, referring to a workaround released in a knowledge base article earlier this week.
"I want to be real clear about that. When the update is rereleased, it's going to be very much targeted to people who are having the problem, or people who have not installed MS06-015 yet. That means if you have already installed MS06-015 and are not having the problem, there's no action here for you," he added.