Microsoft (NSDQ: MSFT) on Tuesday issued support documentation to address Internet Explorer problems caused by last week's security patch.
"We have been working with a small number of customers that reported issues related to the installation of MS07-069," said Kieron Shorrock, the Microsoft Security Response program manager responsible for Internet Explorer, in a blog post. "Specifically, on a Windows XP Service Pack 2 (SP2)-based computer, Internet Explorer 6 may stop responding when you try to a visit a Web site."
Microsoft Corp. acknowledged late yesterday that security patches issued last week for Internet Explorer (IE) crippled the browser for some users, but rather than rework the fix, the company offered up a registry hack work-around.
The confirmation and work-around came a week after users installed Security Update MS07-069 on Dec. 11, and users immediately began reporting that they were unable to connect to the Internet with IE or that the browser kept crashing. MS07-069, one of seven bulletins issued on December's "Patch Tuesday," fixed four critical vulnerabilities in IE 5.01, IE6 and IE7.
Although Microsoft had said on Monday that it was investigating the reports, yesterday the company owned up to the problem. "On a Windows XP Service Pack 2-based computer, Internet Explorer 6 may stop responding when you try to a visit a Web site," said Kieron Shorrock, the program manager responsible for IE at the Microsoft Security Response Center (MSRC).
In a later post to the MSRC blog, however, Shorrock downplayed the problem, saying, "We have been working with a small number of customers that reported issues related to the installation of MS07-069." He claimed that the bug appeared only in what he called "a customized installation."
"This isn't a widespread issue," Shorrock added.
That would come as a surprise to users such as Harold Decker, who manages 35 Windows XP SP2 machines at San Diego-based Gold Peak Industries NA Inc. Even though Decker described his shop's systems as "pretty plain," 29% of the PCs that installed last week's IE update had trouble accessing the Web.
Microsoft Security Bulletin MS07-069 addresses four privately reported vulnerabilities that could allow remote code execution if the user of the affected system visits a malicious Web page. MS07-069 is rated critical.
The Microsoft Knowledge Base article for Microsoft Security Bulletin MS07-069, KB942615, has been updated to acknowledge the issue. And article KB946627 explains how to edit the Windows registry to fix the instability introduced to Internet Explorer by the security patch.
According to Shorrock, the IE issue arises as a result of customization and isn't widespread.
Nonetheless, many of those affected are expressing puzzlement that Microsoft would recommend a technically tricky procedure like editing the Windows registry rather than fixing and reissuing the patch.
"With hundreds of users here running XP SP2 with IE6, how can Microsoft be serious that the solution is to edit each registry?" said Phil Shannon on the IEBlog. "Is this some sort of joke? It would be easier to have each user install Mozilla Firefox and stop using IE completely."