Windows cursor patch creates difficulties
Published: 05 Apr 2007 09:45 BST
Installing Microsoft's Tuesday patch for a "critical" Windows vulnerability is causing trouble for some users.
Microsoft broke with its monthly patch cycle on Tuesday to repair a bug in the way Windows handles animated cursors. Cybercrooks had been using the hole since last week to attack Windows PCs. But the fix is not compatible with software that runs audio and networking components from Realtek Semiconductor, some Windows users have found.
"Apparently the update is not compatible with Realtek," reader Dave House wrote in an email to ZDNet UK's sister site, CNET News.com. "We lost all Ethernet and audio functions. Removing the update and doing system restores brought the systems back."
Microsoft is aware of problems with Realtek's audio software. In fact, it knew about them before releasing the fix and published a support article with the security bulletin. An additional update is available from Microsoft to remedy the problem, according to the company's website. Microsoft is not aware of networking issues, a representative said.
The audio problem occurs on Windows XP PCs that have the Realtek HD Audio Control Panel installed, Microsoft said. The application may not start after the patch is applied and Windows may display an error message, the company said.
Microsoft consciously released the cursor flaw patch despite the compatibility problem, Mike Reavey, a Microsoft Security Response Center staffer, wrote on a corporate blog. The company tested the fix throughout February and March and eliminated many problems, he wrote.
"At one point our testing had uncovered over 80 potential issues with the update that were investigated and resolved... at the time of release, only one minor quality issue was known," Reavey wrote.
The cursor vulnerability is one of seven flaws addressed by Microsoft's Tuesday patch — three of them also affect Vista. Cybercrooks moved quickly to exploit the cursor hole. Security firm Websense has spotted hundreds of websites that try to use the bug to compromise PCs, as well as an email spam campaign with links to the malicious sites.
Microsoft plans to issue additional fixes next week on its regular monthly patch day, the company said.
Did you find this article useful?
22 out of 22 people found this useful
- Share this article:
