RESEARCH TRIANGLE PARK – In its attempt to remedy a potentially devastating Internet Explorer security flaw, Microsoft issued a patch (MS06-015) last week that has many Windows operating system users banging their locked-up keyboards in frustration.
The blogsphere and online news sites are filled with stories about Microsoft’s latest misstep. The fix can leave PCs loaded with HP accessory frozen.
Brian Holmes, writing at Earthtimes.org, sees the latest gaff as a boost for open source.
“Microsoft had held back posting a patch so that it could properly test it. However the release of this less-than-ideal patch has blown away that theory. It is no wonder that users are now looking the Linux way,” he said.
When complaints surfaced about the patch, Microsoft responded with an on-line apology – and a warning to users about not turning off its “automatic update” feature for fixes – in its tech support forum.
“I’m very sorry about the inconvenience this has caused you all; hopefully this will get things back on track,” wrote Stephen Hui about Microsoft’s snafu and proposed remedies. “Please note that MS06-015 fixes a critical security vulnerability, so it’s very important that you reinstall it as soon as possible if you’ve uninstalled it. Please also keep in mind that disabling Auto Update will leave your computer unprotected even after we release security updates. I understand that this experience has been very frustrating for many of you, but I really must still strongly recommend that you leave Auto Update enabled for your own safety.”
Erik Larkin, who covers security for PC World, points out that the patch “closes a critical security hole in Windows Explorer that could give a remote attacker complete control of your computer. However, users began posting reports on various Microsoft forums of serious issues – like Office-application and IE lock-ups – almost immediately after the release.”
As serious as the security flaw is, Brian Krebs warns in his “Security Fix” column for The Washington Post that Microsoft’s remedy is also “dangerous”.
“The trouble with this solution is that mucking around with the registry can be a dangerous proposition, because an errant change can prevent a system from even booting correctly (Microsoft’s advisory says nothing about these dangers). If you’ve never modified your Windows registry before and you’re experiencing the kinds of problems these readers are having, I would strongly advise you to read (and even print out) Microsoft’s instructions on backing up, editing and restoring system registry settings. Actually, this is good advice for all Windows users,” he said.
Mess up your registry and you will really be upset.