So you have three computers from which you removed and reinstalled
NOD32, but not the KB972260 hotfix? And these systems all manifested
the lockup after re-installation? If so, that is pretty strong evidence.
If the Helpline and Client Services systems that were reported as fixed
this afternoon re-manifest, and removing the KB hotfix stabilizes them,
we will block re-installation of the KB hotfix on domain-joined systems.
We also will need to got the problem resolved at a more basic level
quickly. There are expected to be more critical Internet Explorer and
Operating System updates next week that cannot be left unpatched. Since
MS has taken to releasing IE updates as "cumulative" updates (combining
many previously released updates in a single package), we will encounter
this issue again if not properly addressed.
Andrew Hendrickson wrote:
> I'd say that those who reported such things didn't wait long enough.
> In every case thus far (and I've seen three), reinstalling NOD32
> eventually brought about the same symptoms if the KB was left in place.
> Quoting "J. Greg Mackinnon" <[log in to unmask]> Thu, 30 Jul 2009:
>> We have had reports that simply removing/reinstalling NOD32 made the
>> problem "go away", at least for the time being. This information
>> suggests that the problem is being caused by NOD32 on its own, not by
>> the KB hotfix list. Did you try simply reinstalling NOD32 on any of
>> the systems you visited?
>> If KB972260 is responsible, then we can block its distribution for
>> domain-joined systems. However, this is a patch for a remote code
>> execution vulnerability. Microsoft security felt it was urgent
>> enough that this patch needed to be released out-of-band (i.e. not on
>> "patch Tuesday"). Left unpatched, this vulnerability likely /will/
>> be exploited. Thus, I would prefer to avoid blocking this update
>> until we have a bit more evidence that it is responsible for system
>> Andrew Hendrickson wrote: Okay, tomorrow may just be a really really
>> bad day for everyone. Just fair warning.
>> I've had two reports of machines freezing up with a busy cursor, one
>> Vista SP2, ESET NOD32 version 4 and one Windows XP SP2, ESET NOD32
>> version 3.
>> On the Vista machine a "failure - security options: Login process has
>> failed to create the security options dialog" would appear.
>> On the XP machine, Windows Explorer simply freezes and no keystrokes
>> get a response, including the venerable control-alt-del.
>> On the Vista machine I discovered that KB972260 had just been
>> installed. When I removed that KB AND removed ESET NOD32, the
>> problem went away. If I tried to run the machine after just removing
>> the KB, the problem remained.
>> I confirmed that this was also the case on the Windows XP machine as
>> KB97260 appears to be a critical out of band update released to
>> rectify some serious security flaws in Internet Explorer and is an
>> update for all flavors of Windows currently supported and all flavors
>> of IE.
>> And, just to set my evening to "extra crispy" when I returned to my
>> office my own Vista desktop was waving it's "Failure - Security
>> Options" freaky flag. ;-)
>> So far the only thing that appears to work is to either remove the KB
>> and ESET, or remove both, block the KB in Windows Update and
>> reinstall ESET.
>> Perhaps we could block this particular KB at the update server until
>> ESET gets this cleared up?
>> I don't think that this is just a bad ESET definition file, because
>> the machine runs fine with the KB removed and blocked but ESET
>> Andrew Hendrickson
>> CAS, IT Administrator
>> UVM, College of Arts & Sciences
>> 438 College Street #402
>> Burlington, VT
>> 802-656-4529 (fax)
>> [log in to unmask]
>> To submit a request for service please use: