Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Patch Tuesday Fallout - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Patch Tuesday Fallout
Microsoft published a knowledge base article about issues with MS06-015. The two main culprits appear to be HP's "Share-to-Web" software and Kerio Personal Firewall.

In order to implement the MS06-015 fix, Microsoft created a special binary (VERCLSID.EXE) which will validate extensions before the windows shell or explorer is able to instantiate them. If VERCLSID.EXE fails to run, many functions are disructed (e.g. open files in applications using the 'File'->'Open' menu).

More stories about patch MS06-013 can be found in a recent Inforworld article. This patch was expected to cause issues due to the changes in ActiveX functionality. Again, see the respective Microsoft statement. Let us know if you experience any issues. So far, everything appears to center around 'Siebel 7'. Given the lack of outcries so far, I don't expect a lot of problems with other applications.

(Thanks to Susan and Juha-Matti for their contributions!)
I will be teaching next: Application Security: Securing Web Apps, APIs, and Microservices - SANS London June 2022


4478 Posts
ISC Handler
Apr 16th 2006

Sign Up for Free or Log In to start participating in the conversation!