Microsoft will re-engineer the patch that’s been causing some difficulties.
From the Stephen Toulouse:
So what we have done is re-engineered the MS06-015 update to avoid the conflict altogether with the older Hewlett Packard and NVIDIA software. We’re going to run a test pass on it and we will release this new update on Tuesday, April 25th. What the new update essentially does is simply add the affected third party software to an “exception list” so that the problem does not occur. The revised update automates the manual registry key fix.
I want to be real clear about that. When the update is re-released, it’s going to be very much targeted to people who are having the problem, or people who have not installed MS06-015 yet. That means if you have already installed MS06-015 and are not having the problem, there’s no action here for you. Windows Update, Microsoft Update, and Automatic Update will have detection logic built into them to only offer the revised update (which essentially includes the reg key fix) to those customers who either don’t have MS06-015 or are having the problem. [My emphasis].
Separately, I saw this last night:
Microsoft released today thru their Download Center the Compatibility Patch for Internet Explorer (KB917425)
Do not install that compatibility patch if you are not experiencing problem in your Internet Explorer *after* installing the Microsoft Security Bulletion – MS06-013: Cumulative security update for Internet Explorer which was released last Patch Tuesday – April, 11, 2006 because… the said compatibility patch was made available only for “customers who have experienced compatibility issues and who require more time to test/update websites and programs that are impacted by the IE Active X update.”
That means if you have already installed MS06-015 and are not having the problem, there’s no action here for you.
Link here.
So. one fix will be coming out on Tuesday (I’ve got an email into Microsoft get a little more data). And there’s one right now for people who are experiencing issues with the Active X update.
And then just to add spice to the whole mix, Microsoft is investigating problems the patch may have had on some Outlook Express users.
I do hope that people aren’t holding off on the implementing the April 11 patch because of fears that it will cause harm to their system. The createTextRange() zero day exploit is still a potential threat out there. Correction: To be clear, MS06-015 does not address the createTextRange vuln. That bulletin is MS06-013.
Alex Eckelberry