Re-Release of MS06-015 on April 25, 2006

Source:
Microsoft Security Bulletin MS06-015: Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531)

You've heard of issues with this security update. Does Microsoft plan to release a revised security update to address these issues?
Microsoft has completed its initial investigation into issues involving old third party software that customers may have experienced after the installation of this security update. On Tuesday, April 25, Microsoft will issue a targeted re-release of the MS06-015 update.

Note Customers who have already applied the MS06-015 update who are not experiencing the problem need take no action.

When released, what changes will the revised security update include?
The revised security update will contain no changes to the binaries included in the initial security update. The revised security update will place the following entries in the allow list as indicated in Microsoft Knowledgebase Article 918165.

HP Share-to-Web
� {A4DF5659-0801-4A60-96071C48695EFDA9}

NVIDIA Graphics Driver
� {1E9B04FB-F9E5-4718-997B-B8DA88302A47}
� {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
� {1CDB2949-8F65-4355-8456-263E7C208A5D}

How do I deploy this revised update?
For customers who have already applied the update and are experiencing the problem related to the older Hewlett Packard Share-to-Web software, or older NVIDIA drivers prior to or including version 61.94, the revised update will be available through Windows Update and Microsoft Update. The targeted re-release will be automatically delivered to affected computers through Automatic Update if it has been enabled The re-release will not be distributed to non-affected computers.

Microsoft Baseline Security Analyzer (MBSA) 2.0 will also determine if one of the identified third-party COM controls has been installed and will offer the revised security update.

For Microsoft Baseline Security Analyzer (MBSA) 1.2.1, the detection logic has been updated to offer the revised package only to machines that do not have the initial security update installed. MBSA 1.2.1 cannot be used to determine if the identified third-party COM controls have been installed. In this situation, we recommend either a manual or Group Policy install of the revised security update.

What are the known issues that customers may experience when they install this security update?
Microsoft Knowledge Base Article 918165 documents the currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues. For more information, see Microsoft Knowledge Base Article 918165.