891711/MS05-002 Updated (fixed) for Win9x

[Crossposted to Security, Security.Homeusers, Win98 General, WinME General,
Win98 Windows Update, and Windows Update newsgroups for maximum exposure.
Please eliminate needless crossposting when replying to this message.]

Microsoft Security Bulletin MS05-002: Vulnerability in Cursor and Icon
Format Handling Could Allow Remote Code Execution (891711):
http://www.microsoft.com/technet/Sec.../ms05-002.mspx

<quote>
Why was this security bulletin updated on April 12, 2005?

After the release of the MS05-002 security bulletin, Microsoft became aware
of an issue affecting customers deploying the Windows 98, 98SE and ME
security update. In most cases, the issue caused machines to unexpectedly
restart.

Microsoft has investigated this issue and has made available revised
security updates for these platforms. These revised security updates are
available from Windows Update and the Microsoft Download Center. Customers
who have not yet applied the original version of these updates should visit
Windows Update to receive the revised updates.

[NB:] Customers who have already applied the original Windows 98, 98SE and
ME security update are advised to install the current revision of the update
from Windows Update.

<snip>

Are Windows 98, Windows 98 Second Edition, or Windows Millennium Edition
critically affected by any of the vulnerabilities that are addressed in this
security bulletin?

Yes. Windows 98, Windows 98 Second Edition, and Windows Millennium Edition
are critically affected by this vulnerability. A Critical security update
for these platforms is available and is provided as part of this security
bulletin and can be downloaded /only/ from the Windows Update Web site.
[Emphasis added]
</quote>

Thanks to all those who called MS at 1-866-PCSAFETY about the bug in 891711
as released in Feb-05. Your documentation of the problems caused by 891711
played a major role in getting them fixed.

AFAIK KB891711 should no longer load at Startup and display as a running
Process.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (Shell, IE/OE) & Security

From: "PA Bear" <>

| [Crossposted to Security, Security.Homeusers, Win98 General, WinME General,
| Win98 Windows Update, and Windows Update newsgroups for maximum exposure.
| Please eliminate needless crossposting when replying to this message.]
| | Microsoft Security Bulletin MS05-002: Vulnerability in Cursor and Icon
| played a major role in getting them fixed.
|

< snip >

| AFAIK KB891711 should no longer load at Startup and display as a running
| Process.
| --
| ~Robear Dyer (PA Bear)
| MS MVP-Windows (Shell, IE/OE) & Security

Thank You Robear !

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

David H. Lipman <DLipman~nospam~@Verizon.Net> wrote:

>> AFAIK KB891711 should no longer load at Startup and display as a
>> running Process.

> Thank You Robear !

It will, of course, still appear as a running module when using a process
viewer or system information tool. The difference now being that it is
started as a service, something that should have been the case with the
original release.
--
Mike Maltby MS-MVP

Just installed update & it's back (loads at Startup & displays in running
processes)!!!

Patreply <> wrote:

> Just installed update & it's back (loads at Startup & displays in
> running processes)!!!

Using which tool? It will still show as running (which it should be) when
using a process viewer or system information | software environment |
running tasks but should no longer appear in the list displayed when using
Ctrl-Alt-Del.
--
Mike Maltby MS-MVP

Many are reporting (dslreports.com) that it still runs at start-up when
using Ctrl-Alt-Del. I'm going to try it later on (after a manual System
Restore Point that is).

Steve

"Mike M" <No_Spam@Corned_Beef.Only> wrote in message
news:...
> Patreply <> wrote:
>
> > Just installed update & it's back (loads at Startup & displays in
> > running processes)!!!
>
> Using which tool? It will still show as running (which it should be) when
> using a process viewer or system information | software environment |
> running tasks but should no longer appear in the list displayed when using
> Ctrl-Alt-Del.
> --
> Mike Maltby MS-MVP
>
>
>

Thanks, PA, for the update - I've literally just walked in the door after a
(very) hard days work (sob, son!<g>) - good to see that MS can respond
quickly to this type of situation!!


--
Noel Paton (MS-MVP 2002-2005, Windows)

Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm

http://tinyurl.com/6oztj

Please read http://dts-l.org/goodpost.htm on how to post messages to NG's

"PA Bear" <> wrote in message
news:ee%...
> [Crossposted to Security, Security.Homeusers, Win98 General, WinME
> General, Win98 Windows Update, and Windows Update newsgroups for maximum
> exposure. Please eliminate needless crossposting when replying to this
> message.]
>
> Microsoft Security Bulletin MS05-002: Vulnerability in Cursor and Icon
> Format Handling Could Allow Remote Code Execution (891711):
> http://www.microsoft.com/technet/Sec.../ms05-002.mspx
>
> <quote>
> Why was this security bulletin updated on April 12, 2005?
>
> After the release of the MS05-002 security bulletin, Microsoft became
> aware of an issue affecting customers deploying the Windows 98, 98SE and
> ME security update. In most cases, the issue caused machines to
> unexpectedly restart.
>
> Microsoft has investigated this issue and has made available revised
> security updates for these platforms. These revised security updates are
> available from Windows Update and the Microsoft Download Center. Customers
> who have not yet applied the original version of these updates should
> visit Windows Update to receive the revised updates.
>
> [NB:] Customers who have already applied the original Windows 98, 98SE and
> ME security update are advised to install the current revision of the
> update from Windows Update.
>
> <snip>
>
> Are Windows 98, Windows 98 Second Edition, or Windows Millennium Edition
> critically affected by any of the vulnerabilities that are addressed in
> this security bulletin?
>
> Yes. Windows 98, Windows 98 Second Edition, and Windows Millennium Edition
> are critically affected by this vulnerability. A Critical security update
> for these platforms is available and is provided as part of this security
> bulletin and can be downloaded /only/ from the Windows Update Web site.
> [Emphasis added]
> </quote>
>
> Thanks to all those who called MS at 1-866-PCSAFETY about the bug in
> 891711 as released in Feb-05. Your documentation of the problems caused
> by 891711 played a major role in getting them fixed.
>
> AFAIK KB891711 should no longer load at Startup and display as a running
> Process.
> --
> ~Robear Dyer (PA Bear)
> MS MVP-Windows (Shell, IE/OE) & Security
>

Have they uninstalled the previous version first? I was wondering if the
new version really fixes all that when overinstalled.

--
Gary S. Terhune
MS MVP Shell/User
http://www.grystmill.com/articles/cleanboot.htm
http://www.grystmill.com/articles/security.htm

"(yet another) Steve" <> wrote in message
news:...
> Many are reporting (dslreports.com) that it still runs at start-up
when
> using Ctrl-Alt-Del. I'm going to try it later on (after a manual
System
> Restore Point that is).
>
> Steve
>
> "Mike M" <No_Spam@Corned_Beef.Only> wrote in message
> news:...
> > Patreply <> wrote:
> >
> > > Just installed update & it's back (loads at Startup & displays in
> > > running processes)!!!
> >
> > Using which tool? It will still show as running (which it should
be) when
> > using a process viewer or system information | software environment
|
> > running tasks but should no longer appear in the list displayed when
using
> > Ctrl-Alt-Del.
> > --
> > Mike Maltby MS-MVP
> >
> >
> >
>
>

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:uXd%...
>
> From: "PA Bear" <>
>
> | [Crossposted to Security, Security.Homeusers, Win98 General, WinME
General,
> | Win98 Windows Update, and Windows Update newsgroups for maximum
exposure.
> | Please eliminate needless crossposting when replying to this message.]
> | | Microsoft Security Bulletin MS05-002: Vulnerability in Cursor and Icon
> | played a major role in getting them fixed.
> |
>
> < snip >
>
> | AFAIK KB891711 should no longer load at Startup and display as a running
> | Process.
> | --
> | ~Robear Dyer (PA Bear)
> | MS MVP-Windows (Shell, IE/OE) & Security
>
> Thank You Robear !
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
Glad to see and have you back, Dave.

Harry.

I am not seeing that here.

I have just installed the new KB891711 together with KB890923 on to a Win
Me system with IE SP1 and the original version of KB891711 installed. I
no longer see KB891711 as a running process when using Ctrl-Alt-Del.
--
Mike Maltby MS-MVP



(yet another) Steve <> wrote:

> Many are reporting (dslreports.com) that it still runs at start-up
> when using Ctrl-Alt-Del. I'm going to try it later on (after a manual
> System Restore Point that is).