April 4, 2007 3:01 PM PDT
Windows cursor patch causing trouble
Microsoft broke with its monthly patch cycle Tuesday to repair a bug in the way Windows handles animated cursors. Cybercrooks had been using the hole since last week to attack Windows PCs. But the fix is not compatible with software that runs audio and networking components from Realtek Semiconductor, some Windows users have found.
"Apparently the update is not compatible with Realtek," CNET News.com reader Dave House wrote in an e-mail. "We lost all Ethernet and audio functions. Removing the update and doing system restores brought the systems back."
Microsoft is aware of problems with Realtek's audio software. In fact, it knew about them before releasing the fix and published a support article with the security bulletin. An additional update is available from Microsoft to remedy the problem, according to the company's Web site. Microsoft is not aware of networking issues, a representative said.
The audio problem occurs on Windows XP PCs that have the Realtek HD Audio Control Panel installed, Microsoft said. The application may not start after the patch is applied and Windows may display an error message, the company said.
Microsoft consciously released the cursor flaw patch despite the compatibility problem, Mike Reavey, a Microsoft Security Response Center staffer, wrote on a corporate blog. The company tested the fix throughout February and March and eliminated many problems, he wrote.
"At one point our testing had uncovered over 80 potential issues with the update that were investigated and resolved...at the time of release, only one minor quality issue was known," Reavey wrote.
The cursor vulnerability is one of seven flaws addressed by Microsoft's Tuesday patch--three of them also affect Vista. Cybercrooks moved quickly to exploit the cursor hole. Security firm Websense has spotted hundreds of Web sites that try to use the bug to compromise PCs, as well as an e-mail spam campaign with links to the malicious sites.
Microsoft plans to issue additional fixes next week on its regular monthly patch day, the company said.