891711/MS05-002 Updated (fixed) for Win9x

Discussion in 'Windows Update' started by PA Bear, Apr 12, 2005.

  1. PA Bear

    PA Bear Guest

    [Crossposted to Security, Security.Homeusers, Win98 General, WinME General,
    Win98 Windows Update, and Windows Update newsgroups for maximum exposure.
    Please eliminate needless crossposting when replying to this message.]

    Microsoft Security Bulletin MS05-002: Vulnerability in Cursor and Icon
    Format Handling Could Allow Remote Code Execution (891711):
    http://www.microsoft.com/technet/Security/bulletin/ms05-002.mspx

    <quote>
    Why was this security bulletin updated on April 12, 2005?

    After the release of the MS05-002 security bulletin, Microsoft became aware
    of an issue affecting customers deploying the Windows 98, 98SE and ME
    security update. In most cases, the issue caused machines to unexpectedly
    restart.

    Microsoft has investigated this issue and has made available revised
    security updates for these platforms. These revised security updates are
    available from Windows Update and the Microsoft Download Center. Customers
    who have not yet applied the original version of these updates should visit
    Windows Update to receive the revised updates.

    [NB:] Customers who have already applied the original Windows 98, 98SE and
    ME security update are advised to install the current revision of the update
    from Windows Update.

    <snip>

    Are Windows 98, Windows 98 Second Edition, or Windows Millennium Edition
    critically affected by any of the vulnerabilities that are addressed in this
    security bulletin?

    Yes. Windows 98, Windows 98 Second Edition, and Windows Millennium Edition
    are critically affected by this vulnerability. A Critical security update
    for these platforms is available and is provided as part of this security
    bulletin and can be downloaded /only/ from the Windows Update Web site.
    [Emphasis added]
    </quote>

    Thanks to all those who called MS at 1-866-PCSAFETY about the bug in 891711
    as released in Feb-05. Your documentation of the problems caused by 891711
    played a major role in getting them fixed.

    AFAIK KB891711 should no longer load at Startup and display as a running
    Process.
     
    PA Bear, Apr 12, 2005
    #1
    1. Advertisements

  2. From: "PA Bear" <>

    | [Crossposted to Security, Security.Homeusers, Win98 General, WinME General,
    | Win98 Windows Update, and Windows Update newsgroups for maximum exposure.
    | Please eliminate needless crossposting when replying to this message.]
    | | Microsoft Security Bulletin MS05-002: Vulnerability in Cursor and Icon
    | played a major role in getting them fixed.
    |

    < snip >

    | AFAIK KB891711 should no longer load at Startup and display as a running
    | Process.
    | --
    | ~Robear Dyer (PA Bear)
    | MS MVP-Windows (Shell, IE/OE) & Security

    Thank You Robear !
     
    David H. Lipman, Apr 12, 2005
    #2
    1. Advertisements

  3. PA Bear

    Mike M Guest

    It will, of course, still appear as a running module when using a process
    viewer or system information tool. The difference now being that it is
    started as a service, something that should have been the case with the
    original release.
     
    Mike M, Apr 12, 2005
    #3
  4. PA Bear

    Patreply Guest

    Just installed update & it's back (loads at Startup & displays in running
    processes)!!!
     
    Patreply, Apr 12, 2005
    #4
  5. PA Bear

    Mike M Guest

    Using which tool? It will still show as running (which it should be) when
    using a process viewer or system information | software environment |
    running tasks but should no longer appear in the list displayed when using
    Ctrl-Alt-Del.
     
    Mike M, Apr 12, 2005
    #5
  6. Many are reporting (dslreports.com) that it still runs at start-up when
    using Ctrl-Alt-Del. I'm going to try it later on (after a manual System
    Restore Point that is).

    Steve
     
    \(yet another\) Steve, Apr 12, 2005
    #6
  7. PA Bear

    Noel Paton Guest

    Noel Paton, Apr 12, 2005
    #7
  8. Have they uninstalled the previous version first? I was wondering if the
    new version really fixes all that when overinstalled.
     
    Gary S. Terhune, Apr 12, 2005
    #8
  9. PA Bear

    webster72n Guest

    Glad to see and have you back, Dave.

    Harry.
     
    webster72n, Apr 12, 2005
    #9
  10. PA Bear

    Mike M Guest

    I am not seeing that here.

    I have just installed the new KB891711 together with KB890923 on to a Win
    Me system with IE SP1 and the original version of KB891711 installed. I
    no longer see KB891711 as a running process when using Ctrl-Alt-Del.
     
    Mike M, Apr 12, 2005
    #10
  11. pa, i don't know where to post. but i followed your lead in win update site.
    thanks for all this info!

    yesterday, 4-11-05, microsoft walked me thru a removal process in the
    registry, & deleted the bad executable file. after reading thru recent
    posts, my thinking is to uninstall the kb891711 update, & use the windows
    site to install the updated version.

    as i'm writing this, my auto update popped up. went to WU site. says i need
    kb890923 & kb891711. should i uninstall the old kb891711 thru add remove? &
    then install these 2 from WU?

    thanks for all your help! len kiesling
     
    Leonard F Kiesling, Apr 12, 2005
    #11
  12. PA Bear

    oops!! Guest


    Ditto.

    Zee
     
    oops!!, Apr 12, 2005
    #12
  13. PA Bear

    Rick Chauvin Guest


    Same here it's not listed in the Ctrl-Alt-Del way anymore, but of course it
    is still a running process if you run msinfo32 or whatever process explorer
    is your pleasure.

    I never had a problem with KB891711 anyway but just updated it again.

    Rick
     
    Rick Chauvin, Apr 12, 2005
    #13
  14. Reading a dslreports.com thread, I notice a report that says that while
    the new KB891711 doesn't show when you press Ctrl-Alt-Del, it does show
    as a running process by End-It-All.

    Is that the post you're referring to, Steve? Can anyone else confirm?
    cf. http://www.broadbandreports.com/forum/remark,13151929
     
    Gary S. Terhune, Apr 12, 2005
    #14
  15. PA Bear

    Mike M Guest

    As a running service it will be seen using a utility such as End-It-All or
    any decent process viewer - even the aged WinTop. What is no longer seen
    is an entry in the Win 9x Ctrl-Alt-Del Close Program window as KB891711 is
    no longer being launched from the
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run key but instead, and
    more correctly, from the RunServices key.
     
    Mike M, Apr 12, 2005
    #15
  16. Makes all the sense in the world, <s>. Just wanted to make sure that's
    what Steve was mis-reporting when he said that Crtl-Alt-Del shows it.
     
    Gary S. Terhune, Apr 13, 2005
    #16
  17. PA Bear

    PA Bear Guest

    [Non-Win98 newsgroups eliminated from crosspost]

    Taking the write-up at face value, Len, I'd install 891711 on top of what
    you've got now.

    We don't know what manual fixes MS had you perform yesterday. For all we
    know, today's release might include some last-minute additions to what you
    did manually. (None of us had any notice that 891711 was going to be
    re-released today.) I suppose you might call 1-866-PCSAFETY again about
    this but unfortunately I'm not sure you'd get anybody on the other end who'd
    be able to give you an informed, straight answer.

    Should something go amiss after installing 891711, a 'Scanreg /restore'
    should be able to "undo" things. In such a scenario, choose a boot
    post-dating the manual changes you made under the MS tech's direction.

    890923 is an unrelated, Cumulative Security Update for IE6 SP1.
    --
    ~PA Bear
     
    PA Bear, Apr 13, 2005
    #17
  18. PA Bear

    PA Bear Guest

    [Please remove needless crossposting before replying to this thread.]

    Let me point out that the write-up I cited suggest users *not* uninstall
    their "old" 891711 before installing the patched one, Wayne.
     
    PA Bear, Apr 13, 2005
    #18
  19. PA Bear

    PCR Guest

    That's right. It no longer shows at Ctrl-Alt-Del, but does show at
    "START, Run, MSInfo32, Software Environment, Running Tasks"...

    KB891711.EXE 4.10.2223 Microsoft Corporation Windows KB891711 component
    c:\windows\SYSTEM\KB891711\KB891711.EXE 3.0 Microsoft(R) Windows(R)
    Operating System

    == !!! IT WORKS NOW !!! ==
    == (Well, it ain't BSOD-ing, anyhow) ==


    --
    Thanks or Good Luck,
    There may be humor in this post, and,
    Naturally, you will not sue,
    should things get worse after this,
    PCR

    |
    | > Just installed update & it's back (loads at Startup & displays in
    | > running processes)!!!
    |
    | Using which tool? It will still show as running (which it should be)
    when
    | using a process viewer or system information | software environment |
    | running tasks but should no longer appear in the list displayed when
    using
    | Ctrl-Alt-Del.
    | --
    | Mike Maltby MS-MVP
    |
    |
    |
     
    PCR, Apr 13, 2005
    #19
  20. pa
    thanks for reply! there were a few deletions of registry sub folders, & not
    individual values as viewed in the right pane of regedit. they were (to the
    best of my memory) Run- RunServices- windows- they all had the minus
    sign as viewed. i DO recall the minus signs, & Run- was definately the first
    deletion. don't recall the start of the paths.

    after changes were made on machine yesterday, 4-11, i turned it off. on
    today, 4-12 & still running. will the changed scanreg /restore be of 4-11's
    date?

    also my thinking was to uninstall the old first, as others have. your
    direction is clear to leave old one installed. i may call the pcsafety #
    anyway. if i do, i'll gladly post info! i have always appreciated your
    help!!!
    thanks, len kiesling




     
    Leonard F Kiesling, Apr 13, 2005
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.