Two patches released in Microsofts April batch of security updates are causing system hangs, Windows crashes and the appearance of strange dialog boxes.
The problems stem from a nonsecurity modification to Internet Explorer and a critical fix for a code execution hole in Windows Explorer. The changes affect third-party programs from Google and Siebel Systems, as well as Microsofts own Windows Media Player.
On April 15, Microsoft acknowledged “problems” in the Windows Shell component of Windows Explorer after the MS06-015 security update is installed.
That update, Microsoft said in a Knowledge Base article, includes a new binary called verclsid.exe that validates shell extensions before they are instantiated by the Windows Shell or by Windows Explorer.
On some consumer-facing programs running Hewlett-Packards Share-to-Web software and Sunbelt Softwares Sunbelt Kerio Personal Firewall, the new binary stops responding.
The issue is having “little to no impact on corporate networks,” said Mike Reavey, program manager in the Microsoft Security Response Center, in Redmond, Wash.
Windows users deploying the MS06-015 update also have complained about problems accessing special folders such as My Documents or My Pictures.
In addition, the update is causing Microsoft Office applications to stop responding when Office files are saved or opened in the My Documents folder, system freezes when opening a file through an applications File/Open menu and lockups when typing a URL into IE.
According to PatchLink, of Scottsdale, Ariz., the MS06-013 mega-patch, which includes a significant modification to the way IE renders certain ActiveX controls, also is causing workflow issues for its enterprise clients.
The ActiveX changes result from an ongoing patent dispute between Microsoft and Eolas Technologies. IE users must now manually interact with certain embedded multimedia content.
According to a PatchLink spokesperson, businesses using all Siebel 7 High Interactive clients must click several times to interact with the program because of the way the ActiveX change was made. Siebel and Microsoft are working together to identify a solution, and a Siebel product update will be released in the spring of 2006 to address the issue.
Windows users running the Google Toolbar are also reporting an access violation error when a window containing an inactive ActiveX control is closed. Google is expected to ship an automatic update to fix the problem, which affects versions before Google Toolbar Version 3.0.129.2.
The PatchLink spokesperson- said problems were also reported in ActiveX controls that use Java Platform, Standard Edition 1.3 or 1.4.
Holy Patch Perils, Batman!
These are the programs affected by Microsofts most recent security updates:
* HPs Share-to-Web software
* Sunbelt Kerio Personal Firewall
* Google Toolbar
* ActiveX controls that use Java
Platform, Standard Edition 1.3 or 1.4
* Siebel programs that use ActiveX controls
The following are the associated patch problems:
* External script technique does not work when the “Disable Script Debugging (Internet Explorer)” check box is cleared
* Unable to use the /integrate switch to update Windows installation source files
