Re: Microsoft Security Bulletin(s) for 12/13/2005 (Alex)

Crossposted to Windows Update newsgroup.

I'd hazard to say that installing 905915 exposed hijackware already present
on your system which was taking advantage of the numerous vulnerabilities
addressed by the Cumulative Security Update, which is in fact a roll-up
including fixes released after MS04-004), and that uninstalling 905915 hides
it again.

I'd a run a /thorough/ check for hijackware, including posting your
HijackThis log to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_R...:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/archive/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine.blogspot.com/

When all else fails, HijackThis v1.99.1
(http://aumha.net/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. **Post
your log to http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7,
http://aumha.net/viewforum.php?f=30, or other appropriate forums for expert
analysis, not here.**
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE, Shell/User, Security), Aumha.org VSOP, DTS-L.org


alexander.halser@gmx.net wrote:
> I installed this update today on Windows XP _SP1_ (IE6 SP1) and it
> doesn't show the problems described here, but causes other troubles:
>
>
> * With the update, IE6 SP1 classifies ALL web sites as "trusted" (!)
>
> * No matter which web site you view, the "Trusted Zone" is displayed in
> the status bar and IE uses the security settings of this zone. The
> sites list for the trusted zone is empty.
>
> * Javascripts don't work reliably. I experienced difficulties with
> Javascript menus not opening anymore and the status bar displays "error
> on page". The script has worked properly before the update. If you
> click around, the same menu with the same script suddenly works again.
> Javascript is on, ActiveX is not permitted.
>
> * De-installation of the updated reverts the behaviour back to normal
>
>
> Had anyone else a similar experience on IE6 SP1 or Windows XP SP1?
>
> Alex
>
>
> richard@trinet.co.uk wrote:
> > Update 905915 breaks IE6 SP2 in a very bad way. After installing the
> > patch via Windows Update and restarting:

I have similar issues after installing KB896688 or KB905915 on multiple
systems. Applications such as Brio and Hyperion do not function properly as
they work by opening a seperate browser window which is usually blank. We run
XP SP2 fully patched and everything works fine until one of these two patches
is installed. I don't believe it is related to a virus or spyware as the
issue can be easily reproduced.

I read all the workarounds and opened a ticked with Microsoft but I don't
want to get into recompiling code or editing the registry for multiple
systems just to get this patch deployed. If anyone has any ideas, please let
me know. Thanks a lot.

"PA Bear" wrote:

> Crossposted to Windows Update newsgroup.
>
> I'd hazard to say that installing 905915 exposed hijackware already present
> on your system which was taking advantage of the numerous vulnerabilities
> addressed by the Cumulative Security Update, which is in fact a roll-up
> including fixes released after MS04-004), and that uninstalling 905915 hides
> it again.
>
> I'd a run a /thorough/ check for hijackware, including posting your
> HijackThis log to an appropriate forum.
>
> Checking for/Help with Hijackware
> http://aumha.org/a/parasite.htm
> http://aumha.org/a/quickfix.htm
> http://aumha.net/viewtopic.php?t=5878
> http://wiki.castlecops.com/Malware_R...:_Introduction
> http://mvps.org/winhelp2002/unwanted.htm
> http://inetexplorer.mvps.org/data/prevention.htm
> http://inetexplorer.mvps.org/archive/tshoot.html
> http://www.mvps.org/sramesh2k/Malware_Defence.htm
> http://defendingyourmachine.blogspot.com/
>
> When all else fails, HijackThis v1.99.1
> (http://aumha.net/downloads/hijackthis.zip) is the preferred tool to use.
> It will help you to both identify and remove any hijackware/spyware. **Post
> your log to http://forums.spybot.info/forumdisplay.php?f=22,
> http://castlecops.com/forum67.html,
> http://forums.subratam.org/index.php?showforum=7,
> http://aumha.net/viewforum.php?f=30, or other appropriate forums for expert
> analysis, not here.**
> --
> ~Robear Dyer (PA Bear)
> MS MVP-Windows (IE/OE, Shell/User, Security), Aumha.org VSOP, DTS-L.org
>
>
> alexander.halser@gmx.net wrote:
> > I installed this update today on Windows XP _SP1_ (IE6 SP1) and it
> > doesn't show the problems described here, but causes other troubles:
> >
> >
> > * With the update, IE6 SP1 classifies ALL web sites as "trusted" (!)
> >
> > * No matter which web site you view, the "Trusted Zone" is displayed in
> > the status bar and IE uses the security settings of this zone. The
> > sites list for the trusted zone is empty.
> >
> > * Javascripts don't work reliably. I experienced difficulties with
> > Javascript menus not opening anymore and the status bar displays "error
> > on page". The script has worked properly before the update. If you
> > click around, the same menu with the same script suddenly works again.
> > Javascript is on, ActiveX is not permitted.
> >
> > * De-installation of the updated reverts the behaviour back to normal
> >
> >
> > Had anyone else a similar experience on IE6 SP1 or Windows XP SP1?
> >
> > Alex
> >
> >
> > richard@trinet.co.uk wrote:
> > > Update 905915 breaks IE6 SP2 in a very bad way. After installing the
> > > patch via Windows Update and restarting:
>
>