Out of schedule patch release - Animated cursor may cause code execution

[LTR12101B]

Microsoft released the patch for this bug (and a rollup of several other privilege escalation vulnerabilities) on Tuesday the 3rd of April, with no other patches on this date.

http://support.microsoft.com/kb/925902

Known issues, problem with Realtek Audio control panel, requiring a further patch which is currently only available by contacting Microsoft.

The primary vulnerabilty addressed by this patch is http://www.microsoft.com/technet/security/advisory/935423.mspx


It is unknown if there will be any releases on the second tuesday "patch tuesday", or if this will be the sole patch release for this month.

 

[slippery]

Broadband Reports is running a story regarding the latest MS update to fix problems with animated cursors.

"Users in our Security forum note that the latest critical Microsoft Windows update (KB925902) is causing all kinds of problems. Most notably, it prevents some users from loading anti-virus software, but others say the update prevented them from booting entirely. "So far, we have errors with AVG, Realtec, F-Secure, a false positive of a Trojan, a messed up Vaio, USB problems and Accessories and Utilities all vanishing into thin air," says one security forum regular."

I have personally installed this on two Vista machines and one of them failed to boot after the patch was installed. Unfortuntely patches that are often pushed out too quickly to fix critical flaws cause adverse issues on certain configurations as we have witnessed in the past. Watch out for Microsoft rectifying this with an update to the patch. Until then do not install the update if it's causing issues to your machine and report these directly to Microsoft support.

The story: http://www.dslreports.com/shownews/82781

 

[LTR12101B]

Seen a few niggles with it, fortunately it went in OK for me (I removed the temporary eeye fix before installing).

As I find from other followup articles, hardware enforced DEP at ALWAYS or OPTOUT settings, may be able to prevent exploitation, though a DEP trap is is rather messy.

Also, it appears that using Firefox would NOT prevent the issue, as it is an OS problem, rather than a browser one. Opera is rumoured to be possibly immune.

 

[banzibaby]

Didnt have any probs with it here but did hear a lot of reports of it screwin other things up like realtek audio drivers etc.

BaNzI

 

[LTR12101B]

The fix for the Realtek (and many other program) issue is also reported to be problematic.

Maybe patch tuesday, next week, will be when the issues arising get resolved.


The thing is, not to praise Microsoft for their fast response now, but to crucify them (getting the easter feeling) for leaving this potential and privately disclosed vulnerability on the back burner for about 3 months until it WAS exploited, then making a rush job muckup of fixing it.

 

[banzibaby]

Quite right m8

M$ knew about this in Dec & didnt really do much about it till it was being exploited & despite what they say about vista being the most secure OS yet it was still affected by it.

BaNzI

 

[LTR12101B]

Add another program to the list, Tugzip, and while the "patch for the patch" apparently revives it, others in their forums suggest that the second patch is more troublesome than the first.

All depends, not sure if the Easter interruptions will allow them to get it done, but I'd be disappointed not to see a fixed patch on the "normal" Tuesday.

Since I've escaped major disruption, I'll leave the current fix in place, but if I'd known, I'd have stayed with the eeye unofficial patch (restricted functionality for animated cursors).