Patch/Configuration Management, Vulnerability Management

Microsoft to update new patch because of scripting issue

Microsoft will update one of the patches it released last Tuesday due to an error that prevents certain scripts from running.

The problem with MS06-025, which was released as part of the company’s latest Patch Tuesday security bulletin, only affects users of dial-up scripting or terminal windows, said Stephen Toulouse, head of the Microsoft Security Response Center (MSRC).

"There were 12 patches this month and of course we’ve been watching closely for signs of problems. So far, there’ve been no issues with a vast majority of the updates, but one issue we are tracking has to do with MS06-025, very specifically related to dial-up users that use dial-up scripting, a very old piece of functionality not widely in use anymore," he said.

MS06-025 was released to fix a flaw in routing and remote access that could allow code execution.

Affected users can view a Knowledge Base article on the issue at https://support.microsoft.com/kb/911280.

Toulouse, in his posting on the MSRC blog, did not say when the update would be released.

The SANS Internet Storm Center alerted PC users to the issue on Thursday.

The patch prevents the scripts in question from running at all, according to Lorna Hutcheson, a SANS researcher, who said uninstalling the patch fixes the problem.

Microsoft released a dozen new patches last week in its largest patch in over a year. Eight of the fixes were deemed critical, including a cumulative security update for Internet Explorer and a highly anticipated fix for Microsoft Word.

Critical flaws in ART Image Rendering, Jscript, Media Player, routing and remote access, graphics rendering engine and PowerPoint were also fixed.

A number of new exploits have also been spotted in the wild since last Tuesday's bulletin release.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.