Microsoft Knowledge Base Article 925902 Updated

Hello this is Christopher Budd.

Since MS07-017 was released out-of-band on Tuesday to protect customers from attacks exploiting the Windows Animated Cursor Handling vulnerability, we wanted to provide additional information regarding an update to the known issue Knowledge Base article with information that may impact customers.  As I noted on Tuesday, our regular process is to document known issues in the Master Knowledge Base article referenced in the “Caveats” section of the security bulletin. For MS07-017, this is Microsoft Knowledge Base Article 925902, and we’ve just added information to it and wanted to update you. To review more in depth information, here are a few links:

·         Latest Information

·         What We are Doing

·         Information for WSUS and SUS Administrators

·         Information for MBSA and SMS Users

·         Conclusion

As always, even when there are known issues, we strongly encourage customers to continue their testing and deployment of the security update as part of their regular process. They should review Microsoft Knowledge Base Article 925902 and deploy the available hotfix, as applicable.

Latest Information

Our teams aren’t done once we release a security update through our regular process or out-of-band. Once we released the ANI update, our worldwide Customer Service and Support organization immediately began working round the clock with customers to help them deploy the updates and since then, our folks have identified three additional applications that are experiencing the same issue we documented on Tuesday. Specifically, in addition to the Realtek HD Audio Control Panel we mentioned Tuesday, we’ve added the following applications to our Knowledge Base article:

·         ElsterFormular

·         TUGZip

·         CD-Tag


As we note in the Knowledge Base article, the hotfix currently available for download addresses the issues that we’ve identified.

What We are Doing

While the impact of these issues is clearly not widespread, it is affecting some of our customers. To help customers who have these applications installed, we will be releasing the hotfix that resolves this issue hotfix to affected customers through Windows Update (WU), Microsoft Update (MU), and Automatic Updates (AU) as part of the Tuesday April 10, 2007 release as a High Priority non-security update.

For users of AU your systems, if affected, will automatically  download and install this hotfix for customers with these applications to assist those that are affected.  For users of WU/MU this will occur when you visit the associated update site. Customers who do not have any of the applications will not get the hotfix. We are able to do this by tailoring our detection logic to target only those systems with the security update for MS07-017 and these four applications.

Information for WSUS and SUS Administrators

If you are a Windows Server Update Services (WSUS) or Software Update Services (SUS) customer, you’ll be able to approve this update and have it installed automatically to your applicable systems. At this time, however, I should note that there will be a slight delay for SUS customers: we expect this update will be available for them on Thursday April 12, 2007.

Information for MBSA and SMS Users

Because this is a hotfix and not a security update, the Microsoft Baseline Security Analyzer (MBSA) and Systems Management Server (SMS) security update tools will not automatically identify or deploy this update. However, SMS customers can build custom detection and deployment packages and all customers can identify if the hotfix is installed using the information in the Knowledge Base article.


Our Security Response and Customer Service and Support teams are continuing to work around the clock worldwide with customers, monitoring this situation and making updates as part of our regular process. We’ll let you know of any additional, important information through the MSRC weblog as well.

I hope this helps answer any questions or concerns.



*This posting is provided “AS IS” with no warranties, and confers no rights.*