MS Security Update Creates Painful IE Problem
"This certainly creates a painful problem, since the update is going out to millions of people," said Rob Enderle, president and principal analyst with the Enderle Group. "Unfortunately, there's no easy way around it," Enderle added. "As we've found in the past, attackers will use the patch details to create an attack. Meanwhile, those who don't install the patch are instantly vulnerable."
Dec 18, 2007 12:10 PM PT
A security update released by Microsoft last week is wreaking havoc with Internet Explorer for some users.
Shortly after Microsoft issued its MS07-069 security bulletin last Tuesday, users began posting reports of problems with Internet Explorer on support newsgroups, including the Windows Update group on Microsoft's site.
"When I installed the Patch Tuesday updates on my WXP Box with MSIE6 installed, I had the same problems with IE6 startup as others are mentioning in these newsgroups," wrote Bill Drake in the Windows Update discussion. "Specifically, about 60 percent of the time, I would get an 'Internet Explorer has encountered a problem and must close' dialog."
Cleaning the Internet Explorer temp folder and moving to a blank opening page solved the problem, Drake added. "However, this was not an acceptable solution," he noted.
Failure to Reboot
Similar problems were noted in other discussions, indicating that the issue arises with versions 6 and 7 of Internet Explorer on both Windows Vista and Windows XP machines.
"I suspect the KB942615 update should be coded to force a reboot and does not," Drake said. "Consequently, some part of the update that requires a reboot before the update is fully applied does not get done. As a result, installing this update without the reboot causes IE6 to run in a "half-updated/half-not-updated" mode -- which causes the problem described above to occur."
Drake suggested moving to a blank opening page, rebooting the machine again after the update is installed, and then restoring the default homepage. Uninstalling the security update also reportedly solves the problem.
Microsoft's customer service and support teams are investigating the problem, the company confirmed Tuesday. Customers experiencing problems should contact customer service and support for no-charge support right away, the company said.
"If necessary, Microsoft will update the Master Knowledge Base Article 942615 associated with Microsoft Security Bulletin MS07-069 with detailed guidance on how to prevent or address these deployment issues," the company added.
"This certainly creates a painful problem, since the update is going out to millions of people," Rob Enderle, president and principal analyst with the Enderle Group, told TechNewsWorld.
"Unfortunately, there's no easy way around it," Enderle added. "As we've found in the past, attackers will use the patch details to create an attack. Meanwhile, those who don't install the patch are instantly vulnerable."
Half the Population
Between 40 and 60 percent of users who install the update will likely be affected, added Tom Bowers, senior security evangelist with Kaspersky Lab.
"This is a big deal," Bowers told TechNewsWorld. "Even just 20 percent would be a really big number for large enterprises with tens of thousands of PCs."
For larger enterprises, the problem will also be particularly acute because many of them have corporate intranets -- including modules for manufacturing, human resources and outside clients -- that are customized around Internet Explorer.
Rock and Hard Place
Uninstalling the update is not a great solution, Bowers added.
"You don't want to back it out because of the security exploits that are publicly available," he noted. "You don't want to knowingly leave your endpoints exposed."
That's the rock; the hard place is that "using another browser may work if you're doing Internet surfing, but if you're going to an intranet, it's not a solution," Bowers said. "Many intranets use ActiveX controls, and several other browsers won't support ActiveX," he said.
'Breaking Business Processes'
"What's happened is that this is breaking business processes," Bowers asserted.
Larger enterprises with formal quality-assurance processes may not have installed the update yet pending testing, he noted; smaller companies may not be so lucky. Then again, smaller firms also may not be so reliant on Explorer-optimized intranets, he added.
Solutions such as the one proposed by Drake can help if they work, but that may happen only about half the time because of idiosyncrasies in individual implementations of Windows, Bowers noted.
"I think one of the system DLLs (dynamic-link libraries) in the background has an instability, and resetting it back to the default could work for some," he said. On the other hand, "it may work with yours but not work with mine."
'A History of Breaking Things'
Users who haven't yet installed the update shouldn't, Bowers added. Those who have may want to use a different browser for the time being, if they can, he said. Technical folks, meanwhile, "should keep in touch with the newsgroups and the blogs."
Indeed, "the community is responding quickly; Microsoft is not moving as fast," Bowers noted. "I think we'll find fixes in the community first.
"Microsoft has a history of breaking things," Bowers concluded. "That's exactly why big enterprises delay shipping out updates to their endpoints."