SANS ISC InfoSec Handlers Diary Blog



MS06-042 and CA Unicenter Service Desk - Hotfix available

Published: 2006-08-17
Last Updated: 2006-08-17 22:42:22 UTC
by Chris Carboni (Version: 3)
We've received a few reports (and independently confirmed the problem) of IE crashing on systems with MS06-042 installed when accessing Unicenter Service Desk.

Microsoft updated MS06-042 (KB 918899) as follows:

Caveats:
For some Internet Explorer 6.0 Service Pack 1 users, Internet Explorer may exit unexpectedly while attempting to access Web Sites using both the HTTP 1.1 protocol and compression. A hotfix and workaround for this issue is available, please see Knowledge Base Article 923762 for more information. A new version of KB918899 is currently in development and will be released to all Internet Explorer 6 Service Pack 1 customers on the Download Center and Windows Update by August 22nd, 2006. Customers not experiencing the issue described above are recommended to continue deploying MS06-042 in their environments to receive protection from the vulnerabilities documented in the Security Bulletin. The hot fix will be included in future Cumulative Security Updates for Internet Explorer 6.0 Service Pack 1. Microsoft Knowledge Base Article 918899 documents this and any other currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues. For more information, see Microsoft Knowledge Base Article 918899.

UPDATE:

It seems as though this is not limited to IE6SP1.

We have two confirmed reports of the problem occurring in fully patched IE6 SP2 systems.

In those systems:

If MS06-042 is installed, IE locks up when in Service Desk.

If MS06-042 is uninstalled from a previously problematic system, the problem stops.

So, what are your options at this point?

You have to assess the risk in your environment as none of these options are anywhere near ideal and should in no way be considered a recommendation.

1. Leave it patched and non-functional. Not an attractive option, but paper calls are a possibility in many enterprises. (Why do I see the hate mail flooding in already?)

2. Install the IE7 beta. Yes, installing an unsupported beta to fix a problem is a bad solution, but at least you can log calls.

3. Uninstall MS06-042. Leaves you vulnerable to everything that exploits these vulnerabilities, but you can log calls.

4. Use a different browser. We have an e-mail in to CA to find out if it's supported or not. Again, not pretty but it may work.

5. You could also try leaving the system unpatched, use it only for Service Desk, and install an alternate browser for your normal browsing needs. This eliminates your exposure to web-based attacks and still allows you to log calls.

