Microsoft Offers Registry Fix to Patch IE, Office
Initial reports Friday of crashes and lockups caused by the MS06-015 security bulletin ranged from lockups of third-party software to Internet Explorer going dead.
MS06-015 was one of five bulletins released Tuesday, April 11. The critical patch was deployed to fix a flaw in Windows Explorer, the operating system's file navigation application, that could let an attack hijack a PC.
In the document posted to Microsoft's Knowledgebase support database, Microsoft acknowledged a slew of additional problems, including an inability to open Office documents from the "My Documents" folder, applications crashing when attempts to open files through the File/Open command are made, and inaccessible "My Documents" and "My Pictures" folders.
Microsoft blamed the problems on Hewlett-Packard software for scanners, cameras, and printers, but also said that Sunbelt Software's Kerio Personal Firewall prevented a recrafted Verclsid.exe file from executing.
It also downplayed the difficulties. "Our information at this time leads us to believe that this is having little to no impact on corporate networks," wrote Mike Reavey, operations manager of the Microsoft Security Response Center, on the group's blog.
To correct the conflict, Microsoft only offered a workaround that required users to dive into the Windows registry, then add an entry there. If the registry becomes corrupted or is improperly edited, the affected PC may not boot into Windows.
Microsoft didn't promise that the HP issue was the end of the trouble. "It has not been determined if there are other third-party COM controls or shell extensions that may also cause this problem," the company said in the document.
Past security bulletins have had to be reissued. In October 2005, for example, the company revised two different patches.