Tuesday, April 10, 2007

Patch Tuesday

So normally I follow up posts of vulnerability warnings with some sort of info on how to patch your system. I forgot to this time, and when I realized it, I was pretty much too lazy to put one up. I have long believed that in an ideal world, the common computer user shouldn't have to worry about patches and virus definitions and whatnot. But I am not always the most charitable person either, and while I could have posted a link to the fix and instructed you all to run Windows Update, I just figured I'd leave you all to your own devices this time. (Ok, so I was too busy playing Neverwinter Nights 2....)

But today be Patch Tuesday, and so as penance for my lack of effort last week, I am directing you all to go over to Windows Update and patch your boxes. Why am I beating this so hard? Because last week's vulnerability exploited a flaw in animated cursors, the kind that you see on crappy GeoCities and MySpace webpages. Merely browsing to a site that was maliciously modified would exploit the vulnerability, letting "Bad Guys"(tm) install all kinds of malware on your box. No fun.

So, for those of you who want the details, SANS.org has a nice summary of what's fixed here. Microsoft has their own notice here.

There is an error some of you may get after installing one of the patches in which you will get a message that says:

"The system DLL user32.dll was relocated in memory. The application will not run properly. The relocation occurred because the DLL C:\Windows\System32\Hhctrl.ocx occupied an address range reserved for Windows system DLLs. The vendor supplying the DLL should be contacted for a new DLL."

In addition, you might notice that your soundcard control panel doesn't pop up. This is a problem with the MS07-014 patch, but was subsequently fixed in a second patch. I've had one friend see this issue already, but the hotfix solved the problem. I've noticed that the hotfix is now an automatic download from Windows Update, but in case you miss it, you can download it manually from the Microsoft notice here.
