Looks like quite a few folks have had trouble with verclsid.exe. So what is it anyway?

verclsid.exe is, if I understand it correctly, a way of verifying CSLID COM objects for programs. Apparently it’s being used to identify COM objects that might execute with the drag and drop feature from Explorer (and by extension Internet Explorer) according to the Microsoft Security Bulletin MS06-015 and MS KB 918165 which talks about the problems some are experiencing in Windows Explorer or in the Windows shell after you install security update MS06-015 and about the dangerous remotely executable vulnerability that Microsoft was trying to patch.

Here’s a search result on the Microsoft site for verclsid.exe.

Many have successfully used the workaround of renaming it from my reading at groups.google searching on verclsid.exe and verclsid.exe @BBR.

Most folks are now leaving it like that or patched via registry manually or with something like Kelly’s HP’s Share-to-Web Software Fix (Line 383 on the right) HP.VBS (direct link) More info: (MS06-015), and waiting on Microsoft’s patch for the patch on the 25th which will apparently be rolled out only to those experiencing problems, before doing anything else.

Apparently, by not having the verclsid.exe active by either removing the patch or renaming verclsid.exe to something like verclside.OLD, it basically makes it as though you didn’t have that protection installed, and programs behave normally (like before the patch was installed). Which means it doesn’t look to verify the com objects as OK against the list of CLSID com objects that are OK’d in the registry, and thereby doesn’t protect you the way it was intended to do in Explorer and Internet Explorer against the drag and drop remote vulnerability indentified by MS06-015.

I think another question might or could be posed here if one had a suspicious mind — Was this some sort of test?

Considering the broad based problems users of various software experienced and the fact that if the user opened the Task Manager while experiencing these problems, the Task Manager would show verclsid.exe running at that time and not at other times — and as far as I could tell from my reading, in all cases if verclsid.exe was killed the problem stopped AND this of course has only been since the updates were rolled out for April 2006 that installed this “com object protection” — I got to wondering; what could verclsid.exe be used for in the future? Are there any down sides to verclsid.exe?

Is this something where potentially verclsid.exe (or a new service based on it) could be used to … let me see how to say this … OK … perhaps, in the interest of ‘security’ of course, maybe it could prevent installation or running of programs that may not be sanctioned for use on a Windows computer (by using the same verification process by verclsid.exe of the CLSID for the program’s com object) … like maybe programs by Open Source or small Windows developers who may not be included in some approved list of programs? And if there were such a list, would this list be housed on the computer in the Registry or would verclsid.exe need Internet access to verify against a dynamic list on the Internet at Microsoft maybe … like maybe another form of DRM?

If so, could this, which started supposedly to fix a vulnerability turn into the Open Source and small Windows developer killer?

Just thinking outloud here … and hoping I am wrong.

What are your thoughts on this?

Did you have problems with the April patches for Windows? What programs did you have trouble with? Are you still using Automatic Updates?

I did not experience any problems but some folks did and some even thought they may have been hit with some sort of malware because they were experiencing such a weird set of problems after the April patches rolled out.


Tag Cloud

%d bloggers like this: