If you have frequently and randomly experienced Microsoft Windows, Internet Explorer, Microsoft Office applications, third party software or even the whole Windows PC hanged or freezing, you may have affected by conflict problem caused by security update patch from Microsoft Security Bulletin MS06-015 (KB908531), which was release on 11th April 2006 to fix security vulnerability in Windows Explorer that could allow remote code execution.

Some symptoms and errors of the problems include:

  • Computer frozen and not responding upon right-clicking on the Windows desktop.
  • Unable to access special folders like “My Documents” or “My Pictures”.
  • Microsoft Office applications including Word documents and Excel spreadsheets may stop responding or hang when you attempt to save or open Office files in the “My Documents” folder, or network folder.
  • Office files in the “My Documents” folder are not able to open in Microsoft Office.
  • Opening a file through an application’s File / Open menu causes the program to stop responding.
  • Typing an address into Internet Explorer’s address bar has no effect, and Internet Explorer may hang without responding and crash.
  • Right-clicking on a file and selecting Send To has no effect.
  • Clicking on the plus (+) sign beside a folder in Windows Explorer has no effect, and Windows Explorer may locks up and freezes.
  • Some third-party applications stop responding when opening or saving data in the ‘My Documents’ folder.
  • Windows Explorer hangs when clicks on My Computer in the Folders Explorer Bar in the left pane.
  • Microsoft Outlook stop responding when trying to add attachments.
  • vanished or disappeared external drives
  • Printers inoperable and not functioning.

The security fix MS06-015 (KB908531) can be installed automatically via Automatic Updates if you enable the feature in your Windows system, or manually by installing it through Windows Update or Microsoft Update. So you may be affected without knowing it if Windows automatically applied the patch to your Windows shell.

Microsoft has published Microsoft Knowledge Base Article 918165 which explains the cause of the problems:

The MS06-015 security update package installs a new binary, VERCLSID.EXE, which validates shell extensions before they are instantiated by the Windows Shell or Windows Explorer. On some computers, VERCLSID.EXE stops responding. The following have been identified to cause VERCLSID.EXE to stop responding:

  • Hewlett-Packard’s Share-to-Web software. There have been reported issues where HP software causes the VERCLSID.EXE process to stop responding. In particular, HP’s Share-to-Web Namespace Daemon (Hpgs2wnd.exe) which ships with:
    • HP PhotoSmart software
    • Any HP DeskJet printer that includes a card reader
    • HP Scanners
    • Some HP CD-DVD RWs
    • HP Cameras
    • Share-to-Web Namespace Daemon can be found in the “C:Program Fileshewlett-packardhp share-to-webhpgs2wnd.exe” folder. Share-to-Web is auto-started from both the Startup menu and the Run registry key.
  • The VERCLSID.EXE process is flagged by Sunbelt Kerio Personal Firewall. Sunbelt Kerio Personal Firewall (http://www.sunbelt-software.com/Kerio.cfm) has a feature which flags any attempt by an application to launch another application for the user’s approval. Kerio is flagging Explorer.exe’s launch of VERCLSID.EXE. When this occurs, VERCLSID.EXE’s execution stops until the user clicks through Kerio’s notification dialog. Users can configure Kerio to allow VERCLSID.EXE to execute without prompting.

Beside, there are reported that there is also conflict and incompatibility with older version editions of NVIDIA graphics card drivers.

The resolution and workaround suggested by Microsoft involves adding a value into the registry:

  • Hewlett-Packard’s Share-to-Web software. The MS06-015 (908531) security update includes a “white list”; VERCLSID.EXE will not scan any extension that appears on this list. Adding the HP shell extension corrects the problem. Manually edit the registry:
    1. Log on to the computer with an account with administrator privileges.
    2. Click the Start button and then click Run.
    3. Type Regedit and then click OK.
    4. Navigate to the following key:

      HKEY_LOCAL_MACHINESOFTWARE
      MicrosoftWindowsCurrentVersion
      Shell ExtensionsCached

    5. Right-click “Cached”, point to New, click “DWORD Value”, and then enter:

      {A4DF5659-0801-4A60-9607-1C48695EFDA9} {000214E6-0000-0000-C000-000000000046} 0x401

    6. Set the Data of this value to 1 by right clicking the key, select Modify, and type “1” into the Value date field.
    7. Close the Registry Editor.
    8. Use Task Manager to end the Verclsid.exe process or restart the computer.

    Note: If other third-party COM controls or shell extensions are determined to cause this issue, the same method must be used to add the appropriate shell extension.

  • VERCLSID.EXE process flagged by Sunbelt Kerio Personal Firewall. Kerio Personal Firewall Users can configure Kerio to allow VERCLSID.EXE to execute without prompting.

There are several registry fixes that automated the above process to just double clicking on the scripts and pressing the Enter to confirm to apply the patch to the Windows registry to resolve the problem. The automatic registry patch can be found at the right hand side of line 383 of MS-MVP and KB908531_Share-To-Web.zip (resources no longer available).

Alternatively, until Microsoft update the security patch, you can uninstall the Security Update MS06-015 (KB908531). How you uninstall Windows update is from Add or Remove Programs at Control Panel, and disable Automatic Updates to prevent it from automatically downloads and applies the security fix again.

Note: If you cannot see any updates applied to Windows in Add or Remove Programs, click on and check the “Show updates” at the top of the Windows, after “Currently installed program:”.

Update: Microsoft has released updated patch that addresses the issues.