
More haste, less speed...
By Joris Evers
Published: 5 April 2007 08:54 BST
Installing Microsoft's Tuesday patch for a "critical" Windows vulnerability is causing trouble for some users.
Microsoft broke with its monthly patch cycle on Tuesday to repair a bug in the way Windows handles animated cursors. Cyber crooks had been using the hole since last week to attack Windows PCs. But the fix is not compatible with software that runs audio and networking components from Realtek Semiconductor, some Windows users have found.
Dave House, a reader of silicon.com sister site CNET News.com, wrote in an email: "Apparently the update is not compatible with Realtek. We lost all Ethernet and audio functions. Removing the update and doing system restores brought the systems back."
Microsoft is aware of problems with Realtek's audio software. In fact, it knew about them before releasing the fix and published a support article with the security bulletin. An additional update is available from Microsoft to remedy the problem, according to the company's website. Microsoft is not aware of networking issues, a representative said.
The audio problem occurs on Windows XP PCs that have the Realtek HD Audio Control Panel installed, Microsoft said. The application may not start after the patch is applied and Windows may display an error message, the company said.
Microsoft consciously released the cursor flaw patch despite the compatibility problem, Mike Reavey, a Microsoft Security Response Center staffer, wrote on a corporate blog. The company tested the fix throughout February and March and eliminated many problems, he wrote.
He added: "At one point our testing had uncovered over 80 potential issues with the update that were investigated and resolved... at the time of release, only one minor quality issue was known."
The cursor vulnerability is one of seven flaws addressed by Microsoft's Tuesday patch - three of them also affect Vista. Cyber crooks moved quickly to exploit the cursor hole. Security company Websense has spotted hundreds of websites that try to use the bug to compromise PCs, as well as an email spam campaign with links to the malicious sites.
Microsoft plans to issue additional fixes next week on its regular monthly patch day, the company said.
Joris Evers writes for CNET News.com
Trouble shoot and fix technical problems, liaising with product management and technical support to organise a patch if necessary. Websphere IT ...
Responsibilities: - Deliver security assessment services including network scanning, vulnerability testing, penetration testing, search engine ...
Audio Visual Support Technician Milton Keynes 16,870 + per month on call allowance (with experience) Hotel and Conferencing Services is Accenture HR ...
CIO50 2008
The silicon.com CIO50 2008 profiles the most influential and innovative tech chiefs in the UK across all industries and organisation size, from the biggest FTSE100 companies to high growth dot-com start ups and the public sector. The list was voted on by the UK CIO community and a panel of experts. Find out more in our latest special report.
Stories from the web...
Copyright ©1995-2008 CNET Networks, Inc. All rights reserved. Top of page
Peter Cochrane Peter Cochrane's Blog: Is convergence a fiction? Or could it finally be happening…
Clive Longbottom Quocirca's Straight Talking: A game of two halves Microsoft Virtualisation scores while its SOA bores...