MS06-013 Blues
What exactly does Microsoft mean when they say VERCLSID.exe “validates shell extensions before they are instantiated by the Windows Shell or Windows Explorer”?
This came from their knowledge base article that addresses known problems with the MS06-013 patch.
I’m dumb like that so I had to look up the word “instantiate” and found this; “In object technology, to create an object of a specific class” from thefreedictionary.com.
I’m still no closer to understanding it than I was ten minutes before, so I check out the knowledge base article a bit closer and look at the white-list fix that actually pertains to instantiated extensions.
That doesn’t clarify things either and leads me to the million dollar question for someone who has no programming skills; Where do I find the value of an extension I need to exclude?
The value that indicates HP’s Share-to-web extension is; {A4DF5659-0801-4A60-9607-1C48695EFDA9} {000214E6-0000-0000-C000-000000000046} 0x401 and I don’t see ANYTHING relevant in there that would help me.
Lets hope we don’t have to exclude any other extensions!!
This month’s patch cycle certainly was a wake-up call for shops (like mine) who slacked off a bit on the testing phase of patch deployment.
We found that one other of this month’s patches impacts some of our critical security software and had to scramble to isolate and correct the problem. It wasn’t discovered during our testing phase and because of that it impacted our production environment.
Lesson learned.
