Microsoft's new patch causing issues for XP users

Just one day after releasing an emergency patch for a vulnerability in its operating system, Microsoft has documented one problem with it and is asking users to report any other issues they might encounter.

Microsoft late Tuesday issued a Knowledge Base (KB) article and a hotfix addressing a problem that may cause the Realtek HD Audio Control Panel not to start after installing the MS07-017 patch, released Tuesday to fix a bug in the way Windows processes .ani Animated Cursor files.

The control panel, developed by Realtek Semiconductor, is used to configure the onboard Realtek HD sound on the system’s motherboard.

Users are rushing to install the MS07-017 patch based on known exploits already occurring and the fact it could allow an attacker to take complete control of a system remotely. The patch’s severity rating was critical.

The Realtek issue affects users who have installed the patch on Windows XP Service Pack 2 – Professional, Home, Tablet and Media Center Editions.

In addition to the Realtek issue, the Internet Storm Center at the SANS Institute also is reporting that “other possible issues have been reported and are being investigated.”

Microsoft did not confirm the existence of “other possible issues,” but a spokesman said, “I can tell you that Microsoft encourages customers who believe they are affected can contact Product Support Services.” There is no charge for contacting Product Support Services in North America at 1866-PCSAFETY or here for international customers.

The spokesman added, “The company was aware of the Realtek HD Audio Control Panel issue during testing of MS07-017,” and recommended that users affected by the problem download the hotfix,

“Currently, the impact of this known issue appears limited in terms of the number of customers impacted,” the spokesman said in an e-mail. Microsoft is continuing to monitor the situation.

The Realtek problem also involves security update MS07-008, which was released in February to address a vulnerability in the Windows HTML Help ActiveX control that could allow remote code execution.

Microsoft said in the KB article that the Realtek problem occurs after installing the two updates. A user with the Realtek HD Audio Control Panel installed would see an alert telling them of an “illegal system DLL relocation.”

The KB article says “the Hhctrl.ocx file that is included in security update 928843 [MS07-008] and the User32.dll file that is included in security update 925902 [MS07-017] have conflicting base addresses. This problem occurs if the program loads the Hhctrl.ocx file before it loads the User32.dll file.”

Microsoft was forced to release the MS07-017 patch a week ahead of its monthly “second Tuesday” patch schedule, because exploits of the vulnerability had become too widespread. Microsoft said it was only the third such early release of a patch since January 2006. Microsoft was first notified of the animated-cursor files flaw in December 2006 by security vendor Determina.