April 4, 2007 3:01 PM PDT

Windows cursor patch causing trouble

Installing Microsoft's Tuesday patch for a "critical" Windows vulnerability is causing trouble for some users.

Microsoft broke with its monthly patch cycle Tuesday to repair a bug in the way Windows handles animated cursors. Cybercrooks had been using the hole since last week to attack Windows PCs. But the fix is not compatible with software that runs audio and networking components from Realtek Semiconductor, some Windows users have found.

Click here to Play

Video: Hacking a Vista PC
Determina experts explain how to exploit animated-cursor flaw.

"Apparently the update is not compatible with Realtek," CNET News.com reader Dave House wrote in an e-mail. "We lost all Ethernet and audio functions. Removing the update and doing system restores brought the systems back."

Microsoft is aware of problems with Realtek's audio software. In fact, it knew about them before releasing the fix and published a support article with the security bulletin. An additional update is available from Microsoft to remedy the problem, according to the company's Web site. Microsoft is not aware of networking issues, a representative said.

The audio problem occurs on Windows XP PCs that have the Realtek HD Audio Control Panel installed, Microsoft said. The application may not start after the patch is applied and Windows may display an error message, the company said.

Microsoft consciously released the cursor flaw patch despite the compatibility problem, Mike Reavey, a Microsoft Security Response Center staffer, wrote on a corporate blog. The company tested the fix throughout February and March and eliminated many problems, he wrote.

"At one point our testing had uncovered over 80 potential issues with the update that were investigated and resolved...at the time of release, only one minor quality issue was known," Reavey wrote.

The cursor vulnerability is one of seven flaws addressed by Microsoft's Tuesday patch--three of them also affect Vista. Cybercrooks moved quickly to exploit the cursor hole. Security firm Websense has spotted hundreds of Web sites that try to use the bug to compromise PCs, as well as an e-mail spam campaign with links to the malicious sites.

Microsoft plans to issue additional fixes next week on its regular monthly patch day, the company said.

See more CNET content tagged:
cursor, fix, hacking, patch, networking


Join the conversation!
Add your comment
patch causes VOIP file error
My voip add-on ezsky will not work after the patch.
Causes the HHCTRL.OCX to load into memory area conflicting with new version of XP dll.
This affects my Skype usb devices.
Posted by glenn4u (3 comments )
Reply Link Flag
Here, too
We've seen a few instances here at my place of business where that error occurs, but it hasn't affected any of our networked services as of yet...

Fortunately, our Linux servers aren't affected by this... :D
Posted by `WarpKat (275 comments )
Link Flag
Oh great ...
Applied the cursor patch and ONLY the cursor patch last night. Everything else (hardware & software) remained the same. Now I have a supposedly secure cursor that jitters and wanders to the top left hand corner of the screen.


Just like a few years ago when M$ applied an "update" which stuffed up the cursor on my Toshiba Satellite Pro (now deceased).

The more things change, the more they stay the same ...
Posted by OziIan (45 comments )
Reply Link Flag
It was my USB mouse (driver or whatever) that was corrupted. As before it was necessary to remove the USB drivers via Device Manager, re-boot and let XP re-install the USB drivers.
So far the cursor is stable again ...

If you people reporting problems are using USB devices, maybe give this a go
Posted by OziIan (45 comments )
Link Flag
Gomer Pile...
"surprise, surprise, surprise... "
Posted by Jesus#2 (127 comments )
Reply Link Flag
Here's the fix for the trouble this patch caused!
try this link, <a class="jive-link-external" href="http://support.microsoft.com/kb/935448/" target="_newWindow">http://support.microsoft.com/kb/935448/</a>
Posted by Robynsnest613 (12 comments )
Reply Link Flag
Here's a better fix!!!
try this link = <a class="jive-link-external" href="http://www.apple.com" target="_newWindow">http://www.apple.com</a>
Posted by benjiernmd (123 comments )
Link Flag
At Microsoft Quality is Job One....
or two or three or four, depends on whether they are trying to
break competitor's products, fix their last mistake or really
helping their customers.
Posted by georgiarat (254 comments )
Reply Link Flag
Their customers are IT people.
Things like this create work for IT people, and that's good for job
security, so MS is only helping their customers with this. ;)
Posted by Macsaresafer (802 comments )
Link Flag
How do you know that it's not Realtek that screwed up?
It's not clear whether or not whose fault it is - if Realtek wrote bad software that just happened to work, I can't blame MS.

The whiners like to complain about how long it takes MS to release a patch, then they release one quickly and the whiners cry that something doesn't work.

Look at how many different third party drivers, etc. MS has to test against before releasing a patch. Do you think eEye tested their patch against all of those drivers?

When did computer users become such whimps? Back in the old days, users were real men. Now they are whining crybabies.
Posted by fafafooey (171 comments )
Link Flag
A Green 3270 Terminal Will Fix This
Life went downhill for everyone when the world moved away from using green IBM 3270 terminals. No viruses, no spyware, no malware, no cursing cursors.

Life is better today?
Posted by Stating (869 comments )
Reply Link Flag
Don't forget 3279's!!
Dinosaur's unite!!
Posted by Kings X Rocks! (89 comments )
Link Flag
Also breaks AVG and Calculator
I had a problem with this patch breaking my AVG installation and the calculator that comes with XP.

Uninstalling the patch fixed the problem. Same error message as the RealTec issue but the hotfix didn't help.
Posted by sheldonkotyk (2 comments )
Reply Link Flag
pushed this patch out to a small company with 38 XP boxes that uses AVG....all works fine with no problems.
Posted by Lindy01 (443 comments )
Link Flag
ms Quality is job NONE (is cnet bending to pressure???)
This article is not even 24 hrs old and in fact was posted almost at cob yesterday, not enough veiwtime during noraml business hours. Additionally it was on the front page of the cnet news page about an hour ago and moved.... hmmm

Following on the heals of the previous day, I do not beleive we are flogging a dead horse but just ensuring that the msg is getting 'home' to the fangurls and Obsessive/Compulsives but more importantly the public that see no other avenue of options just because it is installed on a new pc, which they already know little about.

First of all if you are going to believe a salesperson, or feel sorry for them why dont you just hand over your house keys and car. They couldn't care a monkeys behind about you and thrive on making jokes during lunchtime about your innocent and understandable questions, mis-steps, or worse yet, your purchases.

vista is supposed to be performance oriented and business-security ehanced. I know of know serious gamer or pc enthusiast that has any inclination towards acquiring it, or those that have against thier own better judgement, regretted it severly. On the business side well we are just starting to see from the few early adopters more than just a few problems on the security side as well as the fair and business professional consumer consideration conduct of ms.

The audio chipset used is in more than just a few pc's. Realtek produces a variety of excellent performing pc audio chips used widely. So,... ms went ahead with half a patch and regardless of all those millions of pc's out there with the Realtek chip sets, went right ahead, knowing it was going to cause problems, and pushed it on to the pc's. Nice job ms. Only to have a complete solution in the days following.

Point of order here is that although the information published indicated that there was a security hole, this is not when the hole was created. A hacker, cracker, or whacker would not go an oublic announce it if they wanted to truely exploit it so we must ask ourselves can the voices of security really be trusted that no breach occured before that date??? Of course it did!!!

Amazing -

"An additional update is available from Microsoft to remedy the problem, according to the company's Web site. Microsoft is not aware of networking issues, a representative said."

- ms is NOT AWARE!?!?!? Have ms yet been aware of anything concerning security!?!?!? How can this possibly provide any reassurances? ("you can't see me" says Eddie with eyes tightly shut)

and again -

"At one point our testing had uncovered over 80 potential issues with the update that were investigated and resolved...at the time of release, only one minor quality issue was known," Reavey wrote"

- while they are trying to convey that they have this thing sown up, it is only a single scenario that ms is hoping is true in a long list of foul-ups. So at the time of release they tested 80 things and they all screwed up but then managed to parlez the list down to just one. So are they tresting the other 1,345,328,973,378 possible things, or at least trying? How about starting with the list of previous version problem.

This is the quality of ms, one dirty used bandaid at a time, one on the other, LOL.
Posted by Dragon Forge (96 comments )
Reply Link Flag
I know it?s hard to imagine but there is alternatives to Windows. Give something else a try sometime. You may like it.
Posted by jleemc44 (22 comments )
Reply Link Flag
Microsoft breaks a lot of thins in their fix attempts
This is nothing new for them.

They patch a patch to a patched-patched-patched-patch which was flawed and yet the still end up with problems.

The only thing about Microsoft that would surprise me is if they got it right the first time!!! (* GRIN *)

But history has proven time and again that to be a task which even Mission Impossible would not take on. (* LOL *)

Posted by wbenton (522 comments )
Reply Link Flag
Cascading Problems
The Microsoft patch screwed up my Realtek app, which I "fixed" by installing Microsfot's "fix" for their patch and Realtek's update. Well, it sort of fixed things. I can at least open the Realtek control panel. However, among the options there for speaker configurations, 5.1 is nowhere to be found. Even though I have the Sounds and Audio Devices control panel set to 5.1, I no longer get any sound out of my centre, left-rear, right-rear, or sub-woofer speakers. Who do I complain to? Microsoft will blame Realtek and Realtek will blame Microsoft. Meanwhile, I've only got two out of six speakers working and I can't help wondering what else the "fixes" broke that I haven't encountered yet.
Posted by siriusproductions (54 comments )
Reply Link Flag
patch disables EPG in Arcsoft's TotalMedia
The recently released Microsoft security patch (KB925902) disables the EPG and digital TV programme recording functions in Arcsoft's TotalMedia 3.
Posted by jdr1111 (3 comments )
Reply Link Flag
Exploding Pinto Fix Engulfs Ohio in Flames !
So is there anything that MSFT can ship that isn't a complete train wreck or multiple train wrecks?
Posted by Sumatra-Bosch (526 comments )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.