Latest Microsoft Security Glitch Limited
UPDATED: So far. But there is no telling how many apps could be hit tomorrow.
UPDATED: Microsoft said a limited range of consumer software is to blame for its latest security update unintentionally backfiring on Office and IE users.
Digital photography software from HP and a personal firewall from Sunbelt Software rejected a new file Microsoft introduced as part of a security fix for a flaw in Windows Explorer. The glitch causes Office to stop saving and opening files and prevents IE from visiting Web pages.
The problems reported appear limited to consumer-oriented software, Microsoft stresses on its security blog. MS06-015 included a new file, VERCLSID.EXE, which validates shell extensions before being used by Windows Explorer or Windows Shell.
A vulnerability in Windows Explorer, which Microsoft deemed "important," allowed remote attackers to convince the shell to start HTML applications, thereby gaining total system control. However, the solution seems to be creating problems for some applications.
In explaining the glitch, Microsoft said HP's Share-to-Web software causes VERCLSID.EXE to stop responding.
The software, used by HP's PhotoSmart software, HP DeskJet printers that include a card reader, HP cameras and scanners, as well as some HP CD-DVD burners, can also cause trouble for Windows Explorer and IE, according to Microsoft.
Windows users may lose access to their "My Documents" and "My Pictures" folders. Office could stop opening or saving files in "My Documents."