Microsoft's ANI patch causes problems with Realtek. 2 articles
Windows cursor patch creates difficulties
Joris Evers CNET News.com
Published: 05 Apr 2007 09:45 BST
Installing Microsoft's Tuesday patch for a "critical"
Windows vulnerability is causing trouble for some users.
Microsoft broke with its monthly patch cycle on Tuesday to repair a bug in the way
Windows handles animated cursors. Cybercrooks had been using the hole since
last week to attack Windows PCs. But the fix is not compatible with software
that runs audio and networking components from Realtek Semiconductor, some
Windows users have found.
"Apparently the update is not compatible with Realtek," reader
Dave House wrote in an email to ZDNet UK's sister site, CNET News.com. "We
lost all Ethernet and audio functions. Removing the update and doing system
restores brought the systems back."
Microsoft is aware of problems with Realtek's audio software. In fact, it
knew about them before releasing the fix and published a support article with
the security bulletin. An additional update is available from Microsoft to
remedy the problem, according to the company's website. Microsoft is not aware
of networking issues, a representative said.
The audio problem occurs on Windows XP PCs that have the Realtek HD Audio
Control Panel installed, Microsoft said. The application may not start after
the patch is applied and Windows may display an error message, the company
said.
Microsoft consciously released the cursor flaw patch despite the
compatibility problem, Mike Reavey, a Microsoft Security Response Center
staffer, wrote on a corporate blog. The company tested the fix throughout
February and March and eliminated many problems, he wrote.
"At one point our testing had uncovered over 80 potential issues with
the update that were investigated and resolved... at the time of release, only
one minor quality issue was known," Reavey wrote.
The cursor vulnerability is one of seven flaws addressed by Microsoft's
Tuesday patch - three of them also affect Vista.
Cybercrooks moved quickly to exploit the cursor hole. Security firm Websense
has spotted hundreds of websites that try to use the bug to compromise PCs, as
well as an email spam campaign with links to the malicious sites.
Microsoft plans to issue additional fixes next week on its regular monthly
patch day, the company said.
ADDENDUM:
Just one day after releasing an emergency patch for a vulnerability in its operating system, Microsoft has documented one problem with it and is asking users to report any other issues they might encounter.
Microsoft late Tuesday issued a Knowledge Base (KB) article and a hotfix addressing a problem that may cause the Realtek HD Audio Control Panel not to start after installing the MS07-017
patch, released Tuesday to fix a bug in the way Windows processes .ani Animated Cursor files.
The control panel, developed by Realtek Semiconductor, is used to configure
the onboard Realtek HD sound on the system’s motherboard.
Users are rushing to install the MS07-017 patch based on known exploits
already occurring and the fact it could allow an attacker to take
complete control of a system remotely. The patch’s severity rating was
critical.
The Realtek issue affects users who have installed the patch on Windows XP Service Pack 2 – Professional, Home, Tablet and
Media Center Editions.
In addition to the Realtek issue, the Internet Storm Center at the SANS Institute also is reporting that “other possible issues
have been reported and are being investigated.”
Microsoft did not confirm the existence of “other possible issues,” but a
spokesman said, “I can tell you that Microsoft encourages customers who
believe they are affected can contact Product Support Services.” There
is no charge for contacting Product Support Services in North America
at 1866-PCSAFETY or here for international customers.
The spokesman added, “The company was aware of the Realtek HD Audio Control
Panel issue during testing of MS07-017,” and recommended that users
affected by the problem download the hotfix.
“Currently, the impact of this known issue appears limited in terms of the number of customers impacted,” the spokesman said
in an e-mail. Microsoft is continuing to monitor the situation.
The Realtek problem also involves security update MS07-008, which was released in February to address a vulnerability in the Windows HTML Help ActiveX control that
could allow remote code execution.
Microsoft said in the KB article that the Realtek problem occurs after installing the two updates. A user with the Realtek
HD Audio Control Panel installed would see an alert telling them of an “illegal system DLL relocation.”
The KB article says “the Hhctrl.ocx file that is included in
security update 928843 [MS07-008] and the User32.dll file that is
included in security update 925902 [MS07-017] have conflicting base
addresses. This problem occurs if the program loads the Hhctrl.ocx file
before it loads the User32.dll file.”
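The KB explanation above comes down to two images asking for conflicting base addresses. As an added example (not from the articles or from Microsoft's KB), this Python code reads the preferred base and size from PE headers and flags pairs whose preferred ranges overlap; treating "conflicting" as overlapping ranges is an assumption, and the sample headers and file names are constructed.

```python
import struct
from itertools import combinations

def preferred_range(pe):
    """Return (start, end) of the address range a PE image asks to be loaded at."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20  # skip the signature and the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic == 0x10B:    # PE32: 4-byte ImageBase at offset 28
        (base,) = struct.unpack_from("<I", pe, opt + 28)
    elif magic == 0x20B:  # PE32+: 8-byte ImageBase at offset 24
        (base,) = struct.unpack_from("<Q", pe, opt + 24)
    else:
        raise ValueError("unknown optional-header magic")
    (size,) = struct.unpack_from("<I", pe, opt + 56)  # SizeOfImage
    return base, base + size

def ranges_conflict(a, b):
    """Half-open ranges overlap; images that merely touch do not conflict."""
    return a[0] < b[1] and b[0] < a[1]

def find_conflicts(images):
    """images: {name: file bytes}. Return sorted name pairs whose ranges overlap."""
    spans = {name: preferred_range(data) for name, data in images.items()}
    return [(m, n) for m, n in combinations(sorted(spans), 2)
            if ranges_conflict(spans[m], spans[n])]

def make_pe32(image_base, size_of_image):
    """Constructed header-only PE32 stub for the demo; not a loadable DLL."""
    buf = bytearray(0x40 + 4 + 20 + 96)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\0\0"
    opt = 0x40 + 4 + 20
    struct.pack_into("<H", buf, opt, 0x10B)
    struct.pack_into("<I", buf, opt + 28, image_base)
    struct.pack_into("<I", buf, opt + 56, size_of_image)
    return bytes(buf)

# Constructed sample values, not the real headers of Hhctrl.ocx or User32.dll.
SAMPLES = {
    "first.dll": make_pe32(0x10000000, 0x90000),   # 0x10000000-0x10090000
    "second.dll": make_pe32(0x10080000, 0x20000),  # overlaps first.dll
    "third.dll": make_pe32(0x100A0000, 0x10000),   # starts where second.dll ends
}

if __name__ == "__main__":
    print(find_conflicts(SAMPLES))
```

To check real files, pass their bytes in place of the constructed stubs, for example `{"a.dll": open(path_a, "rb").read(), ...}`.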
Microsoft was forced to release the MS07-017 patch a week ahead of its monthly
“second Tuesday” patch schedule, because exploits of the vulnerability
had become too widespread. Microsoft said it was only the third such
early release of a patch since January 2006. Microsoft was first
notified of the animated-cursor files flaw in December 2006 by security
vendor Determina.
Sources include: NetworkWorld