Problem with KB908531 - MS06-015: Vulnerability in Windows Explore
vdm20
experiencing various problems depending on OS.
1) On Windows 2000 Server SP4 Windows Explorer hangs when I click on My
Computer in the folders list (left pane). verclsid.exe launches as a service
(viewable in Windows Task Manager) when Windows Explorer is launched. If I
try to close Windows Explorer the instance will not close.
If I try to launch Internet Explorer (6.0.2800.1106) and type in an address
in to the address bar (such as www.google.com to search for verclsid.exe) the
brower hangs.
If I manually end the verclsid.exe process Windows Explorer will then close
properly. Also, I can then browse normally with Internet Explorer.
I have noticed similar "hanging" on some Windows XP SP2 systems. I have
also noticed that on the Windows XP systems that a directory
C:\WINDOWS\Prefetch is created by virtue of the KB908531 security patch. It
apparently takes some time to generate upon launching Windows Explorer (at
least for the first time).
On the Windows 2000 Server machine the Prefetch directory is NEVER BUILT.
The default directory for Windows is C:\WINNT not C:\WINDOWS. I'm wondering
if this is not a BUG in the KB908531 code for Windows 2000 Server.
It appears that the Prefetch directory is built with a listing of legitimate
executable files. Since the Prefetch directory is not built under Windows
2000 then Windows Explorer, etc. seem to hang, and multiple instances of
verclsid.exe are launched. If I manually kill the verclsid.exe processes in
Windows Task Manager then Windows Explorer and Internet Explorer function
properly (although I assume that I am then no longer protected by the
KB908531 Security Patch).
Is anyone else experiencing this problem?
How should I go about reporting the BUG to Microsoft without having to pay
$$$?
Thanks in advance for your help.
UK@discussions.microsoft.com Adrian UK
"vdm20" wrote:
I think by now that they are probably aware of this!!
You are most definitely not alone.
I have had to use system restore on 2 machines after installing this update,
I have now re-downloaded and instaalled the updates MINUS KB908531.
My machines now appear to be working as before,hopefully Microsoft will
withdraw KB 908531 and replace it with something that works.
Al
running search from Start menu, any attempt to browse from the Look in
folders field results in the program hanging. Likewise, any help would be
appreciated.
_______________________________
Al Fikes
folders pane of my Explorer window on Windows 2000 SP4 system. The culprit -
908531 which I removed and all is well. I also had to remove 912812 which
appeared to rely on 908531.
So how do you tell Microsoft that a a security patch is flawed? I can't
find a way to get feedback to them. When do we know the patch is fixed?
Does the KB number change?
I have a new attitude about quickly installing patches with Windows Update.
--
Al Fikes
Ottmar Freudenberger
> I've spent a while getting to the cause of my new display problem with the
> folders pane of my Explorer window on Windows 2000 SP4 system. The culprit -
> 908531 which I removed and all is well. I also had to remove 912812 which
> appeared to rely on 908531.
Nope, KB912812 does *not* rely on KB908531. Please reinstall at least
KB908531. Otherwise your system is like an open door to "hackers" out
there from the Internet!
Could you please confirm, that you have a HP Scanner connected to
your machine and the HP Scanner software installed?
Bye,
Freudi
Rob
after unistalling and reinstalling Office they discovered that many
other incoming support calls were about the same problem and figured
out that it was KB908531 that was causing the problem. Removing this
update fixed it. Microsoft said they will let me know by e-mail when a
new update is available.
Dean Fehribach
KB908531 and problem is temporarily solved until Server Update Services tells
the PC to install the patch. This I can patch via GP.
I'm curious, though, about the question regarding the HP scanner. This
machine DOES have a USB HP scanner and HP scanning software installed.
arco2005
Microsoft Excel and Word. I contacted Microsoft and was told "we know there
is a problem with KB90831 and suggest you remove the update (done via
add/remove programs) and don't update again until they have posted a new
patch to fix the problem" - how long we have to wait is anybodies guess
Al Fikes
Add/Remove Programs stated that 912812 did require 908531. Therefore, I
uninstalled 912812 before 908531. Both are now not loaded. It seems that
908531 is what's causing my folder view "hangs" in My Computer. I have to
force the Shell to close and restart to clear the problem--not good. Why
would I want to reload 908531 before the patch is fixed?
--
Al Fikes
Al Fikes
--
Al Fikes
vdm20
The Windows 2000 Server SP4 V5.0.2195 does have a HP ScanJet 4C Scanner
(SCSI) attached and uses the HP DeskScan II software. I tried to un-install
HP DeskScan II from the computer (restarted). Then, I uninstalled KB908531
(restarted), then re-ran Windows Update and re-installed KB908531 (restarted)
> Same "hanging" problem with in Windows Explorer and Internet Explorer.
I had hoped that the problem was related to the HP DeskScan II software (see
comments immediately below on the XP Pro computer with HP Scanner, but
without HP DeskScan II). Not sure what to try next.
I also downloaded the all updates onto another computer (today) Windows XP
Pro SP2 V5.1.2600 Build 2600. This computer also has a HP ScanJet 3C Scanner
(SCSI). This computer DOES NOT have the HP DeskScan II software (instead I
rely on the drivers included with MS Office Pro 2003 - In MS Word >
Insert|Picture|From Scanner or Camera|Device > Hewlett-Packard ScanjJet 6100C
or 4C/3C. This XP computer with the HP Scanner DOES NOT experience the same
"hang" problem that the Windows 2000 Server computer does.
Ottmar Freudenberger
> I'm curious, though, about the question regarding the HP scanner. This
> machine DOES have a USB HP scanner and HP scanning software installed.
It did look like there's a conjunction. I'm not sure any longer.
To exclude other ideas, I would like you to answer the following
questions:
#1 Which Windows Version with which Service Pack installed is used?
#2 Is MS Office installed? If true, which version of MS Office
(2000, XP, 2003)?
#3 Could you verify whether KB911831 or KB911701 (both MS06-017) is
installed on either the machines in trouble and/or the fine running
ones?
#4 Is ZoneAlarm installed on any machine?
TIA,
Freudi
Ottmar Freudenberger
>I do have an HP scanner connected and their standard package loaded.
Hm, see end of message.
> Add/Remove Programs stated that 912812 did require 908531.
Na, you could and should ignore the waring from Windows Installer in
these cases. Please reinstall KB912812 in any case. Thanks!
Back to the "KB908531 Problem":
Ottmar Freudenberger
> The Windows 2000 Server SP4 V5.0.2195 does have a HP ScanJet 4C Scanner
> (SCSI) attached and uses the HP DeskScan II software. I tried to un-install
> HP DeskScan II from the computer (restarted). Then, I uninstalled KB908531
> (restarted), then re-ran Windows Update and re-installed KB908531 (restarted)
>> Same "hanging" problem with in Windows Explorer and Internet Explorer.
I'm sorry to here that. Thanks for trying anyway!
Is any MS Office version installed on the Server? If true, which one exactly?
Could you verify whether KB911831 or KB911701 (both MS06-017) is installed
on either the machines in trouble and/or the fine running ones?
Is ZoneAlarm installed on any machine?
TIA,
Freudi
chri...@gmail.com
the posts I saw your references to HP. I Had 3 people with the problem
and they all had a HP scanner connected.
I narrowed it down to the HP Share-to-web software included with HP
scanners.
Some versions you can uninstall it thru the add/remove programs.
Others I had to use msconfig and prevent hpgs2wnf (or similiar) from
starting at boot up.
After a reboot, the problem was gone.
It seems to be a conflict with the update and HP software, at least for
us.
Hope it helps
Ottmar Freudenberger
>I have had the same problem with the verclsid.exe file. Reading thru
> the posts I saw your references to HP. I Had 3 people with the problem
> and they all had a HP scanner connected.
> I narrowed it down to the HP Share-to-web software included with HP
> scanners.
> Some versions you can uninstall it thru the add/remove programs.
> Others I had to use msconfig and prevent hpgs2wnf (or similiar) from
> starting at boot up.
> After a reboot, the problem was gone.
Ooops, fine, thanks for sharing! :-)
Bye,
Freudi
vdm20
containing:
Outlook 11.8010.6868, Word 11.6568.6568, Excel 11.8012.6568, Powerpoint
11.6564.6568, Access 11.6566.6568, and Publisher 11.6565.6568. Neither
KB911831 nor KB911701 nor ZoneAlarm are installed on the Server.
Tom Howe
Same here, after automatically downloading 5 updates on 12th April I
couldn't open Word or Excel files without 'program not responding' and
I couldn't get to my CD drives within Windows Explorer. I thought maybe
Office 2003 was corrupted so I re-installed, when that didn't work I
removed the 5 updates within Add/Remove and that seemed to fix it. I
was lazy though, I should have tried each update in isolation until I
found the culprit but couldn't face the aggravation. Thanks for letting
me know it was KB908531!
Tom
--
Tom Howe
------------------------------------------------------------------------
Posted via http://www.mcse.ms
------------------------------------------------------------------------
View this thread: http://www.mcse.ms/message2260724.html
Geesey48
grzmlyk
XP SPs and additional updates) and now, when I hit "control-o" to open web
pages, the browser hangs. Yet when I type a Web address into the address
bar, I'm able to navigate the Web.
It seems to be related to the KB908531 issue - any solutions?
Al Fikes
To answer your questions,
1. Windows 2000 Pro SP4 with all updates prior to 4-11-06
2. MS Office 2003 SP2 with current updates as of yesterday
3. KB911831 Not loaded KB911701 Not loaded
4. No ZoneAlarm
So, Is HP Share to Web the issue? Do I have to lose it to load KB908531 or
is MS going to fix the security patch?
Thanks for the feedback.
--
Al Fikes
dgre...@gmail.com
I also had a serious problem with KB911831.
I am running Windows XP SP2. I have MS Office 2000 installed, along
with Zone Alarm 3.7.????, but I do not have an HP Scanner, nor do I
have any of the HP Share files mentioned in some other posts.
I had Windows Update install KB911831, which resulted in my computer
being unable to connect to the internet in any way (Outlook, I.E.,
Mozilla Firefox, Symantac Update). My computer became unresponsive &
the only way I was able to shut down was by pulling the plug. Rebooting
did not alleviate the problem. I had to start the computer in Safe
Mode, and restore it to a point prior to the KB911831 installation. A
second installation of KB911831 in which I downloaded the file to my
desktop and manually installed it, resulted in the same problems.
Intrestingly, another of my computers, that's running the same software
listed above, has had no problem with KB911831.
Any ideas?
jeff....@gmail.com
Ottmar Freudenberger
> I am running Windows XP SP2. I have MS Office 2000 installed, along
> with Zone Alarm 3.7.????, but I do not have an HP Scanner, nor do I
> have any of the HP Share files mentioned in some other posts.
Could you do me a favour and mail me the content of the
registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions
Export the key, ZIP the REG file and mail it to me, please. Thanks!
OTOH, please try connecting with ZoneAlarm beeing *completly*
disabled and Windows Firewall enabled instead.
Bye,
Freudi
Ottmar Freudenberger
> Sorry for the delay in my reply.
I'm sorry too...
> The Windows 2000 Server SP4 V5.0.2195 does have a HP ScanJet 4C Scanner
> (SCSI) attached and uses the HP DeskScan II software. I tried to un-install
> HP DeskScan II from the computer (restarted). Then, I uninstalled KB908531
> (restarted), then re-ran Windows Update and re-installed KB908531 (restarted)
>> Same "hanging" problem with in Windows Explorer and Internet Explorer.
>
> I had hoped that the problem was related to the HP DeskScan II software (see
> comments immediately below on the XP Pro computer with HP Scanner, but
> without HP DeskScan II). Not sure what to try next.
Could you do me a favour and mail me the content of the
registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions
Export the key, ZIP the REG file and mail it to me, please. Thanks!
See also http://blogs.technet.com/msrc/archive/2006/04/15/425311.aspx
FWIW, if uploaded a ZIP file which includes a REG file, that does
exactly what the entry above suggests. If the "Share-To-Web" extension
has been "approved" already, _this_ registry entry will be deleted too:
http://patch-info.de/WinXP/Downloads/KB908531_Share-To-Web.zip
HTH,
Freudi
d@discussions.microsoft.com shawn d
B.@discussions.microsoft.com Richard B.
I made the modification outlined in http://support.microsoft.com/kb/918165
and it solved the problem. I do have an HP psc 750 printer/scanner/copier
with the Share to web upload software. I have not experienced any unusual
behaviors with any other security updates.
Thanks!
Richard B.
Fox@discussions.microsoft.com Jeffrey Fox
I also had problems saving MS Office documents under new names. MS Office
would shut down.
I uninstalled the patch and everything is back to normal. Sounds like old
Bill has some problems to take care of.
"Adrian UK" wrote:
Ottmar Freudenberger
> This update caused Windows Explorer to hang on Windows XP PRO SP2.
> I also had problems saving MS Office documents under new names. MS Office
> would shut down.
>
> I uninstalled the patch and everything is back to normal.
And thes security hole to be fixed with KB908531 is open again.
As you may have noticed in the past, as soon as updates are
released and security holes beeing published, the exploits of
that hole are coming more and more quickly. So I urge you to
reinstall KB908531 ASAP and see, if the following helps you:
Problems in Windows Explorer or the Windows shell after you install
security update MS06-015
http://support.microsoft.com/kb/918165/en-us
Microsoft Security Bulletin MS06-015
Vulnerability in Windows Explorer Could Allow Remote Code Execution
(908531)
http://www.microsoft.com/technet/security/bulletin/ms06-015.mspx
For those who have Hewlett Packard's Share to Web Software, there
are two registry patches to choose from (run either one or the
other) not both:
I've made a "patch" back on Saturday available at:
http://patch-info.de/WinXP/Downloads/KB908531_Share-To-Web.zip
(Note this is a Zip file and will need to be extracted. It contains
a REG file which needs to be imported into the registry via double
clicking the contained REG file. You may have to reboot Windows
afterwards.)
or
Kelly has made a patch with exact same functionality available at:
http://www.kellys-korner-xp.com/xp_tweaks.htm
Line #383 - this is a vbs file and instructions on how to use such
files are at the top of the page.
If you're using a Nvidia video card, you may want to update the driver
for that card: http://www.nvidia.com/content/drivers/drivers.asp
In case you're running a Kerio firewall software, please reread
http://support.microsoft.com/kb/918165/en-us cloesly.
HTH,
Freudi
Delgado
"grzmlyk" wrote:
Ok I have the same problem. Installed 908531, and my computer hangs at "file
open" in MS word XP; I tried updating to office 2003, but same problem
occured. Next, I try looking at my sevices and I saw six instance of
verclsid.exe started. I do have a hP printer and a Hp scanner connected to
the Workstation. I try contacting MS, but they have no answer. I guess I'll
have to keep away from this update.
Ottmar Freudenberger
> Ok I have the same problem. Installed 908531, and my computer hangs at "file
> open" in MS word XP; I tried updating to office 2003, but same problem
> occured. Next, I try looking at my sevices and I saw six instance of
> verclsid.exe started. I do have a hP printer and a Hp scanner connected to
> the Workstation. I try contacting MS, but they have no answer. I guess I'll
> have to keep away from this update.
Nope, you may be save if you wait until KB908531 will be rereleased.
That's planned for April 25th.
Bye,
Freudi