Microsoft published a knowledge base article about issues with MS06-015. The two main culprits appear to be HP's "Share-to-Web" software and Kerio Personal Firewall.
In order to implement the MS06-015 fix, Microsoft created a special binary (VERCLSID.EXE) which will validate extensions before the windows shell or explorer is able to instantiate them. If VERCLSID.EXE fails to run, many functions are disructed (e.g. open files in applications using the 'File'->'Open' menu).
More stories about patch MS06-013 can be found in a recent Inforworld article. This patch was expected to cause issues due to the changes in ActiveX functionality. Again, see the respective Microsoft statement. Let us know if you experience any issues. So far, everything appears to center around 'Siebel 7'. Given the lack of outcries so far, I don't expect a lot of problems with other applications.
(Thanks to Susan and Juha-Matti for their contributions!)
I will be teaching next: Defending Web Applications Security Essentials - SANS Brussels September 2019
Apr 16th 2006
1 decade ago