What's the deal with MS05-002 (KB891711.EXE) and Windows 98?

Page 2 - Seeking answers? Join the Tom's Hardware community: where nearly two million members share solutions and discuss the latest tech.
Toggle sidebar Toggle sidebar
Archived from groups: microsoft.public.win98.setup,microsoft.public.win98.gen_discussion,microsoft.public.win98.performance,microsoft.public.win98.internet.windows_update (More info?)

Well, we live in an era of 'instant PC Experts'

the typical'my brother in law-sez, ......., and the secretary at work.....

roof is needed not rumors.

I've had the update for 4 days and nothing has raised an ugly head yet.

"Dan" <spamyou@user.nec> wrote in message
news:eqDybF5JFHA.2772@TK2MSFTNGP14.phx.gbl...
> It is just what people are saying. I don't have any proof.
>
> "SFB - KB3MM" <Mickey@MouseHouse.com> wrote in message
> news:%23cwdfB5JFHA.1528@TK2MSFTNGP09.phx.gbl...
> : Any particular boards?
> :
> : Is this well founded and some one has absolute proof, or just some one
> : saying it must be ...?
> :
> : "Dan" <spamyou@user.nec> wrote in message
> : news:eNc9wh4JFHA.2772@TK2MSFTNGP14.phx.gbl...
> : > Read the discussion boards and you will see that it is causing havoc
with
> : > some user's machines and associated software and/or hardware. For
some
> of
> : > the users baddies are definately involved but definately not with all
the
> : > users.
> : >
> : > "SFB - KB3MM" <Mickey@MouseHouse.com> wrote in message
> : > news:ObT$hW4JFHA.3928@TK2MSFTNGP09.phx.gbl...
> : > : Whata's the downside of this update?
> : > :
> : > : "Ivan Bútora" <xxx@xxx.xxx> wrote in message
> : > : news:udwK9H4JFHA.1176@TK2MSFTNGP15.phx.gbl...
> : > : > Dan, please. ANY update is optional. It is up to me if I want to
> : install
> : > : it on my machine or not. Yes, I think it's good to install these
> updates
> : in
> : > : general, and I have installed all of them except KB891711. But on
the
> : other
> : > : hand, there are upsides and downsides. In the case of KB891711, the
> : > : inconvenience and trouble that is likely to be caused by this patch
is
> : far
> : > : greater than the risk of a hacker exploiting your machine. Keep in
mind
> : > that
> : > : there have been several updates this year considered "important" for
> : > Windows
> : > : 98 that have not been released publicly. As Gary Terhune pointed
out,
> : the
> : > : difference between "important" and "critical" is actually not so
> : > significant
> : > : in terms of the security threat. So yeah, your machine probably *is*
> : > : vulnerable to something. But that's life, you can't be 100% secure
all
> : the
> : > : time. I don't see the point in making such a big fuss about not
having
> : this
> : > : one patch installed.
> : > : >
> : > : > And FYI, since September 2004, my computer has been running
WITHOUT
> : > : anti-virus protection, anti-spyware, etc. So yesterday I decided I
> would
> : > run
> : > : a SpyBot check just for the hell of it, and guess what - nothing
found
> : > other
> : > : than a couple of IE cookies. My point: The most important thing is
> being
> : > : aware of what you're doing with your computer and on the Internet.
> : > : >
> : > : > Frankly, I don't know what your letter to Bill Gates was, but what
I
> : do
> : > : know is that MS should be ashamed for releasing a patch in this
manner,
> : > : without informing the users of the potential caveats, and apparently
> : > without
> : > : testing in dial-up systems, etc.
> : > : >
> : > : >
> : > : >
> : > : > "Dan" <spamyou@user.nec> wrote in message
> : > : news:%23v8mrb0JFHA.3332@TK2MSFTNGP15.phx.gbl...
> : > : > > According to PC Today, April issue it is a critical update that
has
> : as
> : > : of now
> : > : > > not been exploited by hackers. Guys and Gals you need this
> critical
> : > : update
> : > : > > because I am guessing within 3 weeks someone will find a way to
> : > : compromise
> : > : > > all 98SE and associated 9x machines that need the patch and have
> not
> : > : been
> : > : > > updated. My best guess is that the time for the hackers will be
a
> : > : maximum of
> : > : > > 3 weeks and it may be even faster so if your machine is
connected
> to
> : > the
> : > : > > Internet do whatever it takes to keep "KB891711.EXE" running
> because
> : I
> : > : am
> : > : > > sure down the line Microsoft will be able to do a better fix but
> : this
> : > is
> : > : a
> : > : > > temporary solution, hopefully to allow users to be safe while
> : on-line.
> : > : If
> : > : > > programs are not responding then discover why. People you need
> this
> : > : CRITICAL
> : > : > > PATCH and it is not optional. If Windows will not run with the
> : patch
> : > : because
> : > : > > of BSOD then disconnect from the Internet -- remove Ethernet
cable,
> : USB
> : > : cable
> : > : > > or phone cable until the problem is resolved because if you do
not
> : do
> : > : this
> : > : > > and have exited this CRITICAL PATCH then you are just asking for
> : your
> : > : system
> : > : > > to be hacked and no it will not be by me or my friends although
I
> : know
> : > a
> : > : lot
> : > : > > about security on computers and weak access points and could
> : probably
> : > do
> : > : it
> : > : > > without too much trouble if I wanted to but my heart is with
> keeping
> : > the
> : > : > > U.S.A and its Allies and businesses and finally consumers to try
> and
> : > get
> : > : one
> : > : > > small leg up on the PEOPLE who hack machines for a hobby, the
> : > : terriorists and
> : > : > > finally the script kiddies. Let me know how I and others can
help
> : you
> : > : with
> : > : > > your computer problems. Have a nice day!
> : > : > >
> : > : > > "98 Guy" <98@Guy.com> wrote in message
> : > news:42330B5D.1F0A641A@Guy.com...
> : > : > > :
> : > : > > : If you don't know what I'm talking about, look here:
> : > : > > :
> : > : > > :
http://www.microsoft.com/technet/security/Bulletin/MS05-002.mspx
> : > : > > :
> : > : > > : If you're running Win 98, and have recently (within the past
> week)
> : > : > > : gone to Windows Updates and updated your computer, you almost
> : > : > > : certainly now have the file "KB891711.EXE" running in the
> : background.
> : > : > > : It is set to run automatically at startup. First time any
such
> : > update
> : > : > > : or security patch has been configured to operate (instead of
> : simply
> : > : > > : replacing an existing file).
> : > : > > :
> : > : > > : Even though Micro$loth sez that MS05-002 (KB891711.EXE) is
> : critical
> : > : > > : for Win-98, I've read where some (many) people are simply
> : > deactivating
> : > : > > : it (via msconfig).
> : > : > > :
> : > : > > : Does anyone really know the truth regarding Win-98 and
> : KB891711.EXE?
> : > : > > :
> : > : > > : Is there anything special about it (like running it in safe
mode
> : to
> : > : > > : properly install it) ?
> : > : > > :
> : > : > > : Is it really needed? (for win-98) ?
> : > : > > :
> : > : > > : Is Win-98 really vulnerable to MS05-002 ???
> : > : > >
> : > : > >
> : > :
> : >
> : >
> :
>
>
 
Archived from groups: microsoft.public.win98.setup,microsoft.public.win98.gen_discussion,microsoft.public.win98.performance,microsoft.public.win98.internet.windows_update (More info?)

I love it. 'So I've heard' Not picking on you, don't help spread rumors.

Maybe it was just started by a Bill Basher.

"Dan" <spamyou@user.nec> wrote in message
news:OuezvB5JFHA.3484@TK2MSFTNGP12.phx.gbl...
> It is indeed a running service.
>
> "John John" <audetweld@nbnet.nb.ca> wrote in message
> news:O1wAQa4JFHA.2764@tk2msftngp13.phx.gbl...
> : SFB - KB3MM wrote:
> :
> : > Whata's the downside of this update?
> :
> : Run's a service in the background. Or so I've heard.
> :
> : John
>
>
 
Archived from groups: microsoft.public.win98.setup,microsoft.public.win98.gen_discussion,microsoft.public.win98.performance,microsoft.public.win98.internet.windows_update,alt.windows98 (More info?)

Find yourself a copy of Eudora 3.0.5 (very old). It's text only
email. If there are pictures included you can choose to view them,
but no html email. That's all I run. I hate html in my email.
You can still download it from Eudora, but I am not sure if it can be
purchased any longer. I bought it many years ago, I upgraded to a
newer version, and found the newer ones were html ONLY. I went back
to the old version.


On Sat, 12 Mar 2005 23:29:02 -0800, "Gary S. Terhune"
<grystnews@mvps.org> wrote:

>That hardly answers the question. All that says is that viewing email in
>HTML format can be risky. I don't see how switching from OE to some
>other newsreader will change that. If you view email in HTML format, you
>are much more at risk than if you view it in plain text, period. Not
>only from the vulnerabilities mentioned in this Security Bulletin, but
>from a myriad of other vulnerabilities involving HTML rendering. So, the
>answer is: View email in PlainText only. Fortunately, OE6 and up have
>this option--to view email in PlainText only. Does your newsreader have
>that option? And do you use it? If not, you're engaging in risky
>behavior.
 
Archived from groups: microsoft.public.win98.setup,microsoft.public.win98.gen_discussion,microsoft.public.win98.performance,microsoft.public.win98.internet.windows_update,alt.windows98 (More info?)

I'm not looking for a different email client. I'm simply responding to
someone who seems to think that using some other email client will
protect him from malicious code in HTML emails and that it's OE itself
that is the problem--neither proposition is true.

I use OE6, with PT-Only set. On occasion, idiots who send out HTML email
in which certain parts can *only* be seen in HTML force me to
temporarily allow HTML rendering. Major companies like Microsoft and
Computer Associates seem to be the worst offenders.

But I'm quite happy with my OE and see no compelling reason to change it
for any other email or news client.

--
Gary S. Terhune
MS MVP Shell/User
http://www.grystmill.com/articles/cleanboot.htm
http://www.grystmill.com/articles/security.htm

"Me &" <myself@no-email.com> wrote in message
news😛7c831h7542gt7ien7k8upvjqqg4se1emd@4ax.com...
> Find yourself a copy of Eudora 3.0.5 (very old). It's text only
> email. If there are pictures included you can choose to view them,
> but no html email. That's all I run. I hate html in my email.
> You can still download it from Eudora, but I am not sure if it can be
> purchased any longer. I bought it many years ago, I upgraded to a
> newer version, and found the newer ones were html ONLY. I went back
> to the old version.
>
>
> On Sat, 12 Mar 2005 23:29:02 -0800, "Gary S. Terhune"
> <grystnews@mvps.org> wrote:
>
> >That hardly answers the question. All that says is that viewing email
in
> >HTML format can be risky. I don't see how switching from OE to some
> >other newsreader will change that. If you view email in HTML format,
you
> >are much more at risk than if you view it in plain text, period. Not
> >only from the vulnerabilities mentioned in this Security Bulletin,
but
> >from a myriad of other vulnerabilities involving HTML rendering. So,
the
> >answer is: View email in PlainText only. Fortunately, OE6 and up have
> >this option--to view email in PlainText only. Does your newsreader
have
> >that option? And do you use it? If not, you're engaging in risky
> >behavior.
>
 
Archived from groups: microsoft.public.win98.setup,microsoft.public.win98.gen_discussion,microsoft.public.win98.performance,microsoft.public.win98.internet.windows_update (More info?)

Okay, I will do and your other post made me see the light so I may start
using Mozilla Thunderbird instead.

"John John" <audetweld@nbnet.nb.ca> wrote in message
news:OttRYm5JFHA.3596@TK2MSFTNGP14.phx.gbl...
: Dan wrote:
:
: > I just choose to continue to use Outlook Express.
:
: Good for you, keep on applying them security patches that run as services.
:
: John
 
Archived from groups: microsoft.public.win98.setup,microsoft.public.win98.gen_discussion,microsoft.public.win98.performance,microsoft.public.win98.internet.windows_update (More info?)

Great Post, Gary. <Hear, Hear> Also, make sure to block all HTML code in
e-mail like in Yahoo or Hotmail and I suggest with Yahoo --- e-mail that a
user always logs in with 128 bit RC4 encryption and limits access to e-mail
account on a need to know basis.

"Gary S. Terhune" <grystnews@mvps.org> wrote in message
news:OlZ3545JFHA.3992@TK2MSFTNGP15.phx.gbl...
: That hardly answers the question. All that says is that viewing email in
: HTML format can be risky. I don't see how switching from OE to some
: other newsreader will change that. If you view email in HTML format, you
: are much more at risk than if you view it in plain text, period. Not
: only from the vulnerabilities mentioned in this Security Bulletin, but
: from a myriad of other vulnerabilities involving HTML rendering. So, the
: answer is: View email in PlainText only. Fortunately, OE6 and up have
: this option--to view email in PlainText only. Does your newsreader have
: that option? And do you use it? If not, you're engaging in risky
: behavior.
:
: --
: Gary S. Terhune
: MS MVP Shell/User
: http://www.grystmill.com/articles/cleanboot.htm
: http://www.grystmill.com/articles/security.htm
:
: "John John" <audetweld@nbnet.nb.ca> wrote in message
: news:eeLJ2h5JFHA.3420@tk2msftngp13.phx.gbl...
: > Gary S. Terhune wrote:
: >
: > > Why? What does OE have to do with KB891711.EXE?
: > >
: verbatim copy of MS05-002 snipped.
:
 
Archived from groups: microsoft.public.win98.setup,microsoft.public.win98.gen_discussion,microsoft.public.win98.performance,microsoft.public.win98.internet.windows_update,alt.windows98 (More info?)

Keep up the good work, Gary.

"Gary S. Terhune" <grystnews@mvps.org> wrote in message
news:eDZbVu8JFHA.3332@TK2MSFTNGP15.phx.gbl...
: I'm not looking for a different email client. I'm simply responding to
: someone who seems to think that using some other email client will
: protect him from malicious code in HTML emails and that it's OE itself
: that is the problem--neither proposition is true.
:
: I use OE6, with PT-Only set. On occasion, idiots who send out HTML email
: in which certain parts can *only* be seen in HTML force me to
: temporarily allow HTML rendering. Major companies like Microsoft and
: Computer Associates seem to be the worst offenders.
:
: But I'm quite happy with my OE and see no compelling reason to change it
: for any other email or news client.
:
: --
: Gary S. Terhune
: MS MVP Shell/User
: http://www.grystmill.com/articles/cleanboot.htm
: http://www.grystmill.com/articles/security.htm
:
: "Me &" <myself@no-email.com> wrote in message
: news😛7c831h7542gt7ien7k8upvjqqg4se1emd@4ax.com...
: > Find yourself a copy of Eudora 3.0.5 (very old). It's text only
: > email. If there are pictures included you can choose to view them,
: > but no html email. That's all I run. I hate html in my email.
: > You can still download it from Eudora, but I am not sure if it can be
: > purchased any longer. I bought it many years ago, I upgraded to a
: > newer version, and found the newer ones were html ONLY. I went back
: > to the old version.
: >
: >
: > On Sat, 12 Mar 2005 23:29:02 -0800, "Gary S. Terhune"
: > <grystnews@mvps.org> wrote:
: >
: > >That hardly answers the question. All that says is that viewing email
: in
: > >HTML format can be risky. I don't see how switching from OE to some
: > >other newsreader will change that. If you view email in HTML format,
: you
: > >are much more at risk than if you view it in plain text, period. Not
: > >only from the vulnerabilities mentioned in this Security Bulletin,
: but
: > >from a myriad of other vulnerabilities involving HTML rendering. So,
: the
: > >answer is: View email in PlainText only. Fortunately, OE6 and up have
: > >this option--to view email in PlainText only. Does your newsreader
: have
: > >that option? And do you use it? If not, you're engaging in risky
: > >behavior.
: >
:
 
Archived from groups: microsoft.public.win98.setup,microsoft.public.win98.gen_discussion,microsoft.public.win98.performance,microsoft.public.win98.internet.windows_update,alt.windows98 (More info?)

I am Googling for it now to test it if I can get a hold of this old program.

"Me &" <myself@no-email.com> wrote in message
news😛7c831h7542gt7ien7k8upvjqqg4se1emd@4ax.com...
: Find yourself a copy of Eudora 3.0.5 (very old). It's text only
: email. If there are pictures included you can choose to view them,
: but no html email. That's all I run. I hate html in my email.
: You can still download it from Eudora, but I am not sure if it can be
: purchased any longer. I bought it many years ago, I upgraded to a
: newer version, and found the newer ones were html ONLY. I went back
: to the old version.
:
:
: On Sat, 12 Mar 2005 23:29:02 -0800, "Gary S. Terhune"
: <grystnews@mvps.org> wrote:
:
: >That hardly answers the question. All that says is that viewing email in
: >HTML format can be risky. I don't see how switching from OE to some
: >other newsreader will change that. If you view email in HTML format, you
: >are much more at risk than if you view it in plain text, period. Not
: >only from the vulnerabilities mentioned in this Security Bulletin, but
: >from a myriad of other vulnerabilities involving HTML rendering. So, the
: >answer is: View email in PlainText only. Fortunately, OE6 and up have
: >this option--to view email in PlainText only. Does your newsreader have
: >that option? And do you use it? If not, you're engaging in risky
: >behavior.
:
 
Archived from groups: microsoft.public.win98.setup,microsoft.public.win98.gen_discussion,microsoft.public.win98.performance,microsoft.public.win98.internet.windows_update (More info?)

It is not that big a deal but hopefully it will be fully incorporated in a
future Microsoft update like the other updates are.

"SFB - KB3MM" <Mickey@MouseHouse.com> wrote in message
news:OIUiTN5JFHA.2784@TK2MSFTNGP09.phx.gbl...
: I love it. 'So I've heard' Not picking on you, don't help spread rumors.
:
: Maybe it was just started by a Bill Basher.
:
: "Dan" <spamyou@user.nec> wrote in message
: news:OuezvB5JFHA.3484@TK2MSFTNGP12.phx.gbl...
: > It is indeed a running service.
: >
: > "John John" <audetweld@nbnet.nb.ca> wrote in message
: > news:O1wAQa4JFHA.2764@tk2msftngp13.phx.gbl...
: > : SFB - KB3MM wrote:
: > :
: > : > Whata's the downside of this update?
: > :
: > : Run's a service in the background. Or so I've heard.
: > :
: > : John
: >
: >
:
 
Archived from groups: microsoft.public.win98.gen_discussion,microsoft.public.win98.internet.windows_update,microsoft.public.win98.performance,microsoft.public.win98.setup (More info?)

Other users have mentioned it may affect you if you use a dial-up connection
or have an older video or sound driver or baddies on your system. Do any of
these apply to you?

"Sramic" <Sramic@discussions.microsoft.com> wrote in message
news:11B7C1D1-A450-46F5-935F-0CB1473BCD1A@microsoft.com...
: Just on a personal experience note here, ever since I installed these
latest
: security updates including: "Microsoft Security Bulletin MS05-002
: Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code
: Execution (891711)"
: I have had many blue screens of death to the point of hard rebooting to get
: out. It seems that this update is causing me nothing but grief (Win98
: 3.10.2222, AMD K6-2 450MHz). I am removing this one because I cannot use
my
: computer with it! Has anyone else experienced this kind of behavior?
:
: "Ivan Bútora" wrote:
:
: > Look through some of the recent threats in win98.gen_discussion...
: >
: > "SFB - KB3MM" <Mickey@MouseHouse.com> wrote in message
news:ObT$hW4JFHA.3928@TK2MSFTNGP09.phx.gbl...
: > > Whata's the downside of this update?
: > >
: > > "Ivan Bútora" <xxx@xxx.xxx> wrote in message
: > > news:udwK9H4JFHA.1176@TK2MSFTNGP15.phx.gbl...
: > > > Dan, please. ANY update is optional. It is up to me if I want to
install
: > > it on my machine or not. Yes, I think it's good to install these
updates in
: > > general, and I have installed all of them except KB891711. But on the
other
: > > hand, there are upsides and downsides. In the case of KB891711, the
: > > inconvenience and trouble that is likely to be caused by this patch is
far
: > > greater than the risk of a hacker exploiting your machine. Keep in mind
that
: > > there have been several updates this year considered "important" for
Windows
: > > 98 that have not been released publicly. As Gary Terhune pointed out,
the
: > > difference between "important" and "critical" is actually not so
significant
: > > in terms of the security threat. So yeah, your machine probably *is*
: > > vulnerable to something. But that's life, you can't be 100% secure all
the
: > > time. I don't see the point in making such a big fuss about not having
this
: > > one patch installed.
: > > >
: > > > And FYI, since September 2004, my computer has been running WITHOUT
: > > anti-virus protection, anti-spyware, etc. So yesterday I decided I
would run
: > > a SpyBot check just for the hell of it, and guess what - nothing found
other
: > > than a couple of IE cookies. My point: The most important thing is
being
: > > aware of what you're doing with your computer and on the Internet.
: > > >
: > > > Frankly, I don't know what your letter to Bill Gates was, but what I
do
: > > know is that MS should be ashamed for releasing a patch in this manner,
: > > without informing the users of the potential caveats, and apparently
without
: > > testing in dial-up systems, etc.
: > > >
: > > >
: > > >
: > > > "Dan" <spamyou@user.nec> wrote in message
: > > news:%23v8mrb0JFHA.3332@TK2MSFTNGP15.phx.gbl...
: > > > > According to PC Today, April issue it is a critical update that has
as
: > > of now
: > > > > not been exploited by hackers. Guys and Gals you need this
critical
: > > update
: > > > > because I am guessing within 3 weeks someone will find a way to
: > > compromise
: > > > > all 98SE and associated 9x machines that need the patch and have
not
: > > been
: > > > > updated. My best guess is that the time for the hackers will be a
: > > maximum of
: > > > > 3 weeks and it may be even faster so if your machine is connected
to the
: > > > > Internet do whatever it takes to keep "KB891711.EXE" running
because I
: > > am
: > > > > sure down the line Microsoft will be able to do a better fix but
this is
: > > a
: > > > > temporary solution, hopefully to allow users to be safe while
on-line.
: > > If
: > > > > programs are not responding then discover why. People you need
this
: > > CRITICAL
: > > > > PATCH and it is not optional. If Windows will not run with the
patch
: > > because
: > > > > of BSOD then disconnect from the Internet -- remove Ethernet cable,
USB
: > > cable
: > > > > or phone cable until the problem is resolved because if you do not
do
: > > this
: > > > > and have exited this CRITICAL PATCH then you are just asking for
your
: > > system
: > > > > to be hacked and no it will not be by me or my friends although I
know a
: > > lot
: > > > > about security on computers and weak access points and could
probably do
: > > it
: > > > > without too much trouble if I wanted to but my heart is with
keeping the
: > > > > U.S.A and its Allies and businesses and finally consumers to try
and get
: > > one
: > > > > small leg up on the PEOPLE who hack machines for a hobby, the
: > > terriorists and
: > > > > finally the script kiddies. Let me know how I and others can help
you
: > > with
: > > > > your computer problems. Have a nice day!
: > > > >
: > > > > "98 Guy" <98@Guy.com> wrote in message
news:42330B5D.1F0A641A@Guy.com...
: > > > > :
: > > > > : If you don't know what I'm talking about, look here:
: > > > > :
: > > > > : http://www.microsoft.com/technet/security/Bulletin/MS05-002.mspx
: > > > > :
: > > > > : If you're running Win 98, and have recently (within the past
week)
: > > > > : gone to Windows Updates and updated your computer, you almost
: > > > > : certainly now have the file "KB891711.EXE" running in the
background.
: > > > > : It is set to run automatically at startup. First time any such
update
: > > > > : or security patch has been configured to operate (instead of
simply
: > > > > : replacing an existing file).
: > > > > :
: > > > > : Even though Micro$loth sez that MS05-002 (KB891711.EXE) is
critical
: > > > > : for Win-98, I've read where some (many) people are simply
deactivating
: > > > > : it (via msconfig).
: > > > > :
: > > > > : Does anyone really know the truth regarding Win-98 and
KB891711.EXE?
: > > > > :
: > > > > : Is there anything special about it (like running it in safe mode
to
: > > > > : properly install it) ?
: > > > > :
: > > > > : Is it really needed? (for win-98) ?
: > > > > :
: > > > > : Is Win-98 really vulnerable to MS05-002 ???
: > > > >
: > > > >
: > >
: >
 
Archived from groups: microsoft.public.win98.setup,microsoft.public.win98.gen_discussion,microsoft.public.win98.performance,microsoft.public.win98.internet.windows_update (More info?)

Thanks for letting me know. Do you have a broadband connection and are you
willing to share any software that you have at this newsgroup with us? You
do not have to tell us if you do not want to of course.

"SFB - KB3MM" <Mickey@MouseHouse.com> wrote in message
news:e57ATN5JFHA.2784@TK2MSFTNGP09.phx.gbl...
: Well, we live in an era of 'instant PC Experts'
:
: the typical'my brother in law-sez, ......., and the secretary at work.....
:
: roof is needed not rumors.
:
: I've had the update for 4 days and nothing has raised an ugly head yet.
:
: "Dan" <spamyou@user.nec> wrote in message
: news:eqDybF5JFHA.2772@TK2MSFTNGP14.phx.gbl...
: > It is just what people are saying. I don't have any proof.
: >
: > "SFB - KB3MM" <Mickey@MouseHouse.com> wrote in message
: > news:%23cwdfB5JFHA.1528@TK2MSFTNGP09.phx.gbl...
: > : Any particular boards?
: > :
: > : Is this well founded and some one has absolute proof, or just some one
: > : saying it must be ...?
: > :
: > : "Dan" <spamyou@user.nec> wrote in message
: > : news:eNc9wh4JFHA.2772@TK2MSFTNGP14.phx.gbl...
: > : > Read the discussion boards and you will see that it is causing havoc
: with
: > : > some user's machines and associated software and/or hardware. For
: some
: > of
: > : > the users baddies are definately involved but definately not with all
: the
: > : > users.
: > : >
: > : > "SFB - KB3MM" <Mickey@MouseHouse.com> wrote in message
: > : > news:ObT$hW4JFHA.3928@TK2MSFTNGP09.phx.gbl...
: > : > : Whata's the downside of this update?
: > : > :
: > : > : "Ivan Bútora" <xxx@xxx.xxx> wrote in message
: > : > : news:udwK9H4JFHA.1176@TK2MSFTNGP15.phx.gbl...
: > : > : > Dan, please. ANY update is optional. It is up to me if I want to
: > : install
: > : > : it on my machine or not. Yes, I think it's good to install these
: > updates
: > : in
: > : > : general, and I have installed all of them except KB891711. But on
: the
: > : other
: > : > : hand, there are upsides and downsides. In the case of KB891711, the
: > : > : inconvenience and trouble that is likely to be caused by this patch
: is
: > : far
: > : > : greater than the risk of a hacker exploiting your machine. Keep in
: mind
: > : > that
: > : > : there have been several updates this year considered "important"
for
: > : > Windows
: > : > : 98 that have not been released publicly. As Gary Terhune pointed
: out,
: > : the
: > : > : difference between "important" and "critical" is actually not so
: > : > significant
: > : > : in terms of the security threat. So yeah, your machine probably
*is*
: > : > : vulnerable to something. But that's life, you can't be 100% secure
: all
: > : the
: > : > : time. I don't see the point in making such a big fuss about not
: having
: > : this
: > : > : one patch installed.
: > : > : >
: > : > : > And FYI, since September 2004, my computer has been running
: WITHOUT
: > : > : anti-virus protection, anti-spyware, etc. So yesterday I decided I
: > would
: > : > run
: > : > : a SpyBot check just for the hell of it, and guess what - nothing
: found
: > : > other
: > : > : than a couple of IE cookies. My point: The most important thing is
: > being
: > : > : aware of what you're doing with your computer and on the Internet.
: > : > : >
: > : > : > Frankly, I don't know what your letter to Bill Gates was, but
what
: I
: > : do
: > : > : know is that MS should be ashamed for releasing a patch in this
: manner,
: > : > : without informing the users of the potential caveats, and
apparently
: > : > without
: > : > : testing in dial-up systems, etc.
: > : > : >
: > : > : >
: > : > : >
: > : > : > "Dan" <spamyou@user.nec> wrote in message
: > : > : news:%23v8mrb0JFHA.3332@TK2MSFTNGP15.phx.gbl...
: > : > : > > According to PC Today, April issue it is a critical update that
: has
: > : as
: > : > : of now
: > : > : > > not been exploited by hackers. Guys and Gals you need this
: > critical
: > : > : update
: > : > : > > because I am guessing within 3 weeks someone will find a way to
: > : > : compromise
: > : > : > > all 98SE and associated 9x machines that need the patch and
have
: > not
: > : > : been
: > : > : > > updated. My best guess is that the time for the hackers will
be
: a
: > : > : maximum of
: > : > : > > 3 weeks and it may be even faster so if your machine is
: connected
: > to
: > : > the
: > : > : > > Internet do whatever it takes to keep "KB891711.EXE" running
: > because
: > : I
: > : > : am
: > : > : > > sure down the line Microsoft will be able to do a better fix
but
: > : this
: > : > is
: > : > : a
: > : > : > > temporary solution, hopefully to allow users to be safe while
: > : on-line.
: > : > : If
: > : > : > > programs are not responding then discover why. People you need
: > this
: > : > : CRITICAL
: > : > : > > PATCH and it is not optional. If Windows will not run with the
: > : patch
: > : > : because
: > : > : > > of BSOD then disconnect from the Internet -- remove Ethernet
: cable,
: > : USB
: > : > : cable
: > : > : > > or phone cable until the problem is resolved because if you do
: not
: > : do
: > : > : this
: > : > : > > and have exited this CRITICAL PATCH then you are just asking
for
: > : your
: > : > : system
: > : > : > > to be hacked and no it will not be by me or my friends although
: I
: > : know
: > : > a
: > : > : lot
: > : > : > > about security on computers and weak access points and could
: > : probably
: > : > do
: > : > : it
: > : > : > > without too much trouble if I wanted to but my heart is with
: > keeping
: > : > the
: > : > : > > U.S.A and its Allies and businesses and finally consumers to
try
: > and
: > : > get
: > : > : one
: > : > : > > small leg up on the PEOPLE who hack machines for a hobby, the
: > : > : terriorists and
: > : > : > > finally the script kiddies. Let me know how I and others can
: help
: > : you
: > : > : with
: > : > : > > your computer problems. Have a nice day!
: > : > : > >
: > : > : > > "98 Guy" <98@Guy.com> wrote in message
: > : > news:42330B5D.1F0A641A@Guy.com...
: > : > : > > :
: > : > : > > : If you don't know what I'm talking about, look here:
: > : > : > > :
: > : > : > > :
: http://www.microsoft.com/technet/security/Bulletin/MS05-002.mspx
: > : > : > > :
: > : > : > > : If you're running Win 98, and have recently (within the past
: > week)
: > : > : > > : gone to Windows Updates and updated your computer, you almost
: > : > : > > : certainly now have the file "KB891711.EXE" running in the
: > : background.
: > : > : > > : It is set to run automatically at startup. First time any
: such
: > : > update
: > : > : > > : or security patch has been configured to operate (instead of
: > : simply
: > : > : > > : replacing an existing file).
: > : > : > > :
: > : > : > > : Even though Micro$loth sez that MS05-002 (KB891711.EXE) is
: > : critical
: > : > : > > : for Win-98, I've read where some (many) people are simply
: > : > deactivating
: > : > : > > : it (via msconfig).
: > : > : > > :
: > : > : > > : Does anyone really know the truth regarding Win-98 and
: > : KB891711.EXE?
: > : > : > > :
: > : > : > > : Is there anything special about it (like running it in safe
: mode
: > : to
: > : > : > > : properly install it) ?
: > : > : > > :
: > : > : > > : Is it really needed? (for win-98) ?
: > : > : > > :
: > : > : > > : Is Win-98 really vulnerable to MS05-002 ???
: > : > : > >
: > : > : > >
: > : > :
: > : >
: > : >
: > :
: >
: >
:
 
Archived from groups: microsoft.public.win98.setup,microsoft.public.win98.gen_discussion,microsoft.public.win98.performance,microsoft.public.win98.internet.windows_update,alt.windows98 (More info?)

On Sun, 13 Mar 2005 06:45:27 -0700, "Dan" <spamyou@user.nec> wrote:

>I am Googling for it now to test it if I can get a hold of this old program.

http://www.oldversion.com/program.php?n=eudora

I suggest 3.0.6.

--
Luke
 
Archived from groups: microsoft.public.win98.setup,microsoft.public.win98.gen_discussion,microsoft.public.win98.performance,microsoft.public.win98.internet.windows_update,alt.windows98 (More info?)

Thanks, Luke what does 3.06 give you that 3.05 does not give you?

"Luke" <luke@nowhere.com> wrote in message
news:7tk831td25dlrcfk5idroia9nb6b5rm4ve@4ax.com...
: On Sun, 13 Mar 2005 06:45:27 -0700, "Dan" <spamyou@user.nec> wrote:
:
: >I am Googling for it now to test it if I can get a hold of this old
program.
:
: http://www.oldversion.com/program.php?n=eudora
:
: I suggest 3.0.6.
:
: --
: Luke
 
Archived from groups: microsoft.public.win98.setup,microsoft.public.win98.gen_discussion,microsoft.public.win98.performance,microsoft.public.win98.internet.windows_update,alt.windows98 (More info?)

In news:eDZbVu8JFHA.3332@TK2MSFTNGP15.phx.gbl,
Gary S. Terhune <grystnews@mvps.org> had this to say:

My reply is at the bottom of your sent message:

> But I'm quite happy with my OE and see no compelling reason to change
> it for any other email or news client.

OE 6 SP1 (IIRC) was where the ability to read all mail in plain text was
added. Probably one of the greatest features of OE that I've ever come
across. Reading mail in anything other than plain text these days is insane.
IOW I agree 110% and use OE almost exclusively unless I'm using XNews on
someone else's computer.

Galen
--
Signature changed for a moment of silence.
Rest well Alex and we'll see you on the other side.
 
Archived from groups: microsoft.public.win98.setup,microsoft.public.win98.gen_discussion,microsoft.public.win98.performance,microsoft.public.win98.internet.windows_update,alt.windows98 (More info?)

On Sun, 13 Mar 2005 08:43:54 -0700, "Dan" <spamyou@user.nec> wrote:

>Thanks, Luke what does 3.06 give you that 3.05 does not give you?
[snip]

I don't know. Was there a 3.0.5? If there was, my guess is .5 and .6
would be a minor difference of some sort, maybe a bug fix, not a
feature change. 3.0.6 is 32 bit, FWIW, and I think the last version
before Eudora Lite became ad/nagware. I've used Eudora Lite since near
forever, but can't recall all the changes 🙂. I currently use 3.0.6,
but I see no advantage of one plain text e-mail app over another other
than what interface you like and what you're accustomed to.

--
Luke
 
Archived from groups: microsoft.public.win98.setup,microsoft.public.win98.gen_discussion,microsoft.public.win98.performance,microsoft.public.win98.internet.windows_update,alt.windows98 (More info?)

All it says to me is that the patch is to fix OE and if you don't use
OE you don't need the patch.

John

Gary S. Terhune wrote:

> That hardly answers the question. All that says is that viewing email in
> HTML format can be risky. I don't see how switching from OE to some
> other newsreader will change that. If you view email in HTML format, you
> are much more at risk than if you view it in plain text, period. Not
> only from the vulnerabilities mentioned in this Security Bulletin, but
> from a myriad of other vulnerabilities involving HTML rendering. So, the
> answer is: View email in PlainText only. Fortunately, OE6 and up have
> this option--to view email in PlainText only. Does your newsreader have
> that option? And do you use it? If not, you're engaging in risky
> behavior.
>
 
Archived from groups: microsoft.public.win98.setup,microsoft.public.win98.gen_discussion,microsoft.public.win98.performance,microsoft.public.win98.internet.windows_update,alt.windows98 (More info?)

Well, then you need to read the bulletin again. OE is only mentioned in
that it is one vector out of many that might allow HTML-based malicious
code into your system. Microsoft simply included discussion of other
mitigating factors in certain scenarios involving MS products, and not
just OE. Also discussed are IE security and Outlook, a product that
shares little with OE other than the name and the news client.

Just because Microsoft didn't discuss other, 3rd-party vectors for the
malware involved doesn't mean those vectors don't exist. Fact is, *any*
application that renders HTML may be susceptible to the vulnerability.

--
Gary S. Terhune
MS MVP Shell/User
http://www.grystmill.com/articles/cleanboot.htm
http://www.grystmill.com/articles/security.htm

"John John" <audetweld@nbnet.nb.ca> wrote in message
news:u61yzJ%23JFHA.3596@TK2MSFTNGP14.phx.gbl...
> All it says to me is that the patch is to fix OE and if you don't use
> OE you don't need the patch.
>
> John
>
> Gary S. Terhune wrote:
>
> > That hardly answers the question. All that says is that viewing
email in
> > HTML format can be risky. I don't see how switching from OE to some
> > other newsreader will change that. If you view email in HTML format,
you
> > are much more at risk than if you view it in plain text, period. Not
> > only from the vulnerabilities mentioned in this Security Bulletin,
but
> > from a myriad of other vulnerabilities involving HTML rendering. So,
the
> > answer is: View email in PlainText only. Fortunately, OE6 and up
have
> > this option--to view email in PlainText only. Does your newsreader
have
> > that option? And do you use it? If not, you're engaging in risky
> > behavior.
> >
 
Archived from groups: microsoft.public.win98.gen_discussion,microsoft.public.win98.internet.windows_update,microsoft.public.win98.performance,microsoft.public.win98.setup (More info?)

We have two out of our three Win98SE computers at work that are experiencing those
exact symptoms since installing the update mentioned. Despite some of the claims
here as to the cause, the machines have no malware; are using the latest updated
drivers for sound and video (machines are only a couple of years old); are not using
McAfee or Norton products; and are connected via broadband (RoadRunner) through a
NetGear router. I removed the update and all is well. I await some clarification
from MS.

The WinME computer and all the XP machines in the same network have no problem.
--
Glen Ventura, MS MVP Shell/User, A+
~ In memory of our friend, MVP Alex Nichol ~
http://aumha.org/alex.htm
http://dts-l.org/goodpost.htm


"Sramic" <Sramic@discussions.microsoft.com> wrote in message
news:11B7C1D1-A450-46F5-935F-0CB1473BCD1A@microsoft.com...
> Just on a personal experience note here, ever since I installed these latest
> security updates including: "Microsoft Security Bulletin MS05-002
> Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code
> Execution (891711)"
> I have had many blue screens of death to the point of hard rebooting to get
> out. It seems that this update is causing me nothing but grief (Win98
> 3.10.2222, AMD K6-2 450MHz). I am removing this one because I cannot use my
> computer with it! Has anyone else experienced this kind of behavior?
>
> "Ivan Bútora" wrote:
>
> > Look through some of the recent threats in win98.gen_discussion...
> >
> > "SFB - KB3MM" <Mickey@MouseHouse.com> wrote in message
news:ObT$hW4JFHA.3928@TK2MSFTNGP09.phx.gbl...
> > > Whata's the downside of this update?
> > >
> > > "Ivan Bútora" <xxx@xxx.xxx> wrote in message
> > > news:udwK9H4JFHA.1176@TK2MSFTNGP15.phx.gbl...
> > > > Dan, please. ANY update is optional. It is up to me if I want to install
> > > it on my machine or not. Yes, I think it's good to install these updates in
> > > general, and I have installed all of them except KB891711. But on the other
> > > hand, there are upsides and downsides. In the case of KB891711, the
> > > inconvenience and trouble that is likely to be caused by this patch is far
> > > greater than the risk of a hacker exploiting your machine. Keep in mind that
> > > there have been several updates this year considered "important" for Windows
> > > 98 that have not been released publicly. As Gary Terhune pointed out, the
> > > difference between "important" and "critical" is actually not so significant
> > > in terms of the security threat. So yeah, your machine probably *is*
> > > vulnerable to something. But that's life, you can't be 100% secure all the
> > > time. I don't see the point in making such a big fuss about not having this
> > > one patch installed.
> > > >
> > > > And FYI, since September 2004, my computer has been running WITHOUT
> > > anti-virus protection, anti-spyware, etc. So yesterday I decided I would run
> > > a SpyBot check just for the hell of it, and guess what - nothing found other
> > > than a couple of IE cookies. My point: The most important thing is being
> > > aware of what you're doing with your computer and on the Internet.
> > > >
> > > > Frankly, I don't know what your letter to Bill Gates was, but what I do
> > > know is that MS should be ashamed for releasing a patch in this manner,
> > > without informing the users of the potential caveats, and apparently without
> > > testing in dial-up systems, etc.
> > > >
> > > >
> > > >
> > > > "Dan" <spamyou@user.nec> wrote in message
> > > news:%23v8mrb0JFHA.3332@TK2MSFTNGP15.phx.gbl...
> > > > > According to PC Today, April issue it is a critical update that has as
> > > of now
> > > > > not been exploited by hackers. Guys and Gals you need this critical
> > > update
> > > > > because I am guessing within 3 weeks someone will find a way to
> > > compromise
> > > > > all 98SE and associated 9x machines that need the patch and have not
> > > been
> > > > > updated. My best guess is that the time for the hackers will be a
> > > maximum of
> > > > > 3 weeks and it may be even faster so if your machine is connected to the
> > > > > Internet do whatever it takes to keep "KB891711.EXE" running because I
> > > am
> > > > > sure down the line Microsoft will be able to do a better fix but this is
> > > a
> > > > > temporary solution, hopefully to allow users to be safe while on-line.
> > > If
> > > > > programs are not responding then discover why. People you need this
> > > CRITICAL
> > > > > PATCH and it is not optional. If Windows will not run with the patch
> > > because
> > > > > of BSOD then disconnect from the Internet -- remove Ethernet cable, USB
> > > cable
> > > > > or phone cable until the problem is resolved because if you do not do
> > > this
> > > > > and have exited this CRITICAL PATCH then you are just asking for your
> > > system
> > > > > to be hacked and no it will not be by me or my friends although I know a
> > > lot
> > > > > about security on computers and weak access points and could probably do
> > > it
> > > > > without too much trouble if I wanted to but my heart is with keeping the
> > > > > U.S.A and its Allies and businesses and finally consumers to try and get
> > > one
> > > > > small leg up on the PEOPLE who hack machines for a hobby, the
> > > terriorists and
> > > > > finally the script kiddies. Let me know how I and others can help you
> > > with
> > > > > your computer problems. Have a nice day!
> > > > >
> > > > > "98 Guy" <98@Guy.com> wrote in message news:42330B5D.1F0A641A@Guy.com...
> > > > > :
> > > > > : If you don't know what I'm talking about, look here:
> > > > > :
> > > > > : http://www.microsoft.com/technet/security/Bulletin/MS05-002.mspx
> > > > > :
> > > > > : If you're running Win 98, and have recently (within the past week)
> > > > > : gone to Windows Updates and updated your computer, you almost
> > > > > : certainly now have the file "KB891711.EXE" running in the background.
> > > > > : It is set to run automatically at startup. First time any such update
> > > > > : or security patch has been configured to operate (instead of simply
> > > > > : replacing an existing file).
> > > > > :
> > > > > : Even though Micro$loth sez that MS05-002 (KB891711.EXE) is critical
> > > > > : for Win-98, I've read where some (many) people are simply deactivating
> > > > > : it (via msconfig).
> > > > > :
> > > > > : Does anyone really know the truth regarding Win-98 and KB891711.EXE?
> > > > > :
> > > > > : Is there anything special about it (like running it in safe mode to
> > > > > : properly install it) ?
> > > > > :
> > > > > : Is it really needed? (for win-98) ?
> > > > > :
> > > > > : Is Win-98 really vulnerable to MS05-002 ???
> > > > >
> > > > >
> > >
> >
 
Archived from groups: microsoft.public.win98.gen_discussion,microsoft.public.win98.internet.windows_update,microsoft.public.win98.performance,microsoft.public.win98.setup (More info?)

Glad to hear someone else had similar problems. My video card is
a GeForce 2MX400 with 40.72 vers. Nvidia drivers, there are newer drivers
but they don't work as well on my system.

"glee" wrote:

> We have two out of our three Win98SE computers at work that are experiencing those
> exact symptoms since installing the update mentioned. Despite some of the claims
> here as to the cause, the machines have no malware; are using the latest updated
> drivers for sound and video (machines are only a couple of years old); are not using
> McAfee or Norton products; and are connected via broadband (RoadRunner) through a
> NetGear router. I removed the update and all is well. I await some clarification
> from MS.
>
> The WinME computer and all the XP machines in the same network have no problem.
> --
> Glen Ventura, MS MVP Shell/User, A+
> ~ In memory of our friend, MVP Alex Nichol ~
> http://aumha.org/alex.htm
> http://dts-l.org/goodpost.htm
 
Archived from groups: microsoft.public.win98.gen_discussion,microsoft.public.win98.internet.windows_update,microsoft.public.win98.performance,microsoft.public.win98.setup,alt.windows98 (More info?)

There have been several updates from Micro$loth lately:

Security Update for Windows 98 (KB891711)
Security Update for Windows 98 (KB888113)
Security Update for Windows 98 (KB891781)
Security Update for Windows 98 (KB890175)
Cumulative Security Update for IE 6 SP-1 (KB867282)

The most recent being KB891711 and KB888113, which are (probably)
getting installed at the same time for most people.

Both of them are listed as "critical" across the board for all Windows
platforms, even XP AND Windows Server 2003.

There seems to be 4 different issues pertaining to KB891711, which
(apparently) was discovered or made public in late December, 2004.

CVE references:

CAN-2004-1049 (LoadImage API of USER32 Lib / code execution)
CAN-2004-1305 (only a DoS type problem ???)
CAN-2004-1306 (vulnerability in .HLP file processing)
CAN-2004-1361 (vulnerability in .HLP file processing)

It's not clear to me that Microsoft has released patches that address
items 1306 and 1361. Descriptions of these items indicate that Win-98
is not affected (or could be an oversight).

See:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1306
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1361

Item 1049 seems to be the real problem:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1049

Integer overflow in the LoadImage API of the USER32 Lib for Microsoft
Windows allows remote attackers to execute arbitrary code via a .bmp,
..cur, .ico or .ani file with a large image size field, which leads to
a buffer overflow, aka the "Cursor and Icon Format Handling
Vulnerability."

Seems to me that the vulnerability to this item depends on how your
browser or e-mail client handles imbedded or attached files of the
types mentioned. Additionally, the user might have to actually
"click" or attempt to execute the malformed files in question to
initiate the vulnerability.

According to Secunia, there are currently 3 security advisories for
Win-98se that remain "unpatched" and 1 with a partial fix:

http://secunia.com/product/13/

I highly advise all Win-98 users to have a look at that page.

Item KB888113 seems to be more browser related (see bottom of this
post). Win-98 is listed specifically as vulnerable.



Details for KB891711 / MS05-002:
---------------------------------------------
Vulnerability in Cursor and Icon Format Handling Could Allow Remote
Code Execution

http://www.microsoft.com/technet/security/Bulletin/MS05-002.mspx

1) Cursor and Icon Format Handling Vulnerability - CAN-2004-1049
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1049

Integer overflow in the LoadImage API of the USER32 Lib for
Microsoft Windows allows remote attackers to execute arbitrary
code via a .bmp, .cur, .ico or .ani file with a large image
size field, which leads to a buffer overflow, aka the "Cursor
and Icon Format Handling Vulnerability."

2) Windows Kernel Vulnerability - CAN-2004-1305
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1305

The vulnerability of Windows 98 to these items is not specifically
stated in this link:
http://www.xfocus.net/flashsky/icoExp/index.html

See also: http://www.kb.cert.org/vuls/id/625856

Microsoft Windows LoadImage API vulnerable to integer overflow

Overview

The Microsoft Windows LoadImage API routine is vulnerable to an
integer overflow that may allow a remote attacker to execute arbitrary
code on a vulnerable system.

Description

The LoadImage API routine is used to load an image from a file on
Microsoft Windows platforms. The LoadImage API is included part of the
USER 32 library. A lack of input validation on user supplied input to
the LoadImage API routine may allow an integer overflow to occur. If a
remote attacker supplies a specially crafted image file to a
vulnerable system, that attacker may be able to trigger the integer
overflow to compromise that system.

An exploitable integer buffer overflow exists in the LoadImage API of
the USER32 Lib. This function loads an icon, a cursor or a bitmap and
then try to proceed the image. If an attacker sends a specially
crafter bmp, cur, ico or ani file within an HTML page or in an Email,
it is then possible to run arbitrary code on the affected system.

According to public reports, many Microsoft Windows are affected.
However, reports also indicate Windows XP with Service Pack 2 is not
vulnerable, but we have not confirmed this.

!^!^!^!^!^!^!^!^!^
Note that exploits for this vulnerability are publicly available.

!^!^!^!^!^!^!^!^!

Impact

If a remote attacker can persuade a user to access a specially crafted
image file, the attacker may be able to execute arbitrary code on that
user's system, possibly with elevated privileges. Potentially any
operation that displays an image could trigger exploitation; for
instance, browsing the file system, reading HTML email, or browsing
websites.

Solution

Apply Patch

Apply a patch as described in Microsoft Security Bulletin MS05-002.
Please also note that Microsoft is actively deploying the patches for
this vulnerability via Windows Update.
---------------------------------------------



Details for KB888113 / MS05-015:
------------------------------------------------
Vulnerability in hyperlink object library could allow remote
code execution
http://support.microsoft.com/kb/888113
or
http://www.microsoft.com/technet/security/bulletin/ms05-015.mspx
also
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0057
and
http://www.kb.cert.org/vuls/id/820427

Description
An unchecked buffer in the Microsoft Object Library is vulnerable to
attack when malformed hyperlinks are handled. Such handling occurs
most often when a user clicks on a hyperlink in a browser or in
HTML-rendered email. The Object Library is a dynamic application
interface library used by Windows programs to manage hyperlink
objects. Hyperlink objects are any COM objects (including ActiveX)
that implement the IHlink interface.

Impact
An attacker could execute arbitrary code of their choosing on the
system running the vulnerable version of Windows. Upon successful
exploitation, the malicious code would be executed with the privileges
of the user being attacked.

Workarounds
As noted in Microsoft Security Bulletin MS05-015:
Read e-mail messages in plain text format if you are using Outlook
2002 or a later version, or Outlook Express 6 SP1 or a later version,
to help protect yourself from the HTML e-mail attack vector. Note
that an email-borne attack vector requires a click event on a
hyperlink to occur.
----------------------------------------------

Interesting that the work-around mentions Outlook 2002. What about
Outlook 2000?
 
Archived from groups: microsoft.public.win98.setup,microsoft.public.win98.gen_discussion,microsoft.public.win98.performance,microsoft.public.win98.internet.windows_update,alt.windows98 (More info?)

"Gary S. Terhune" <grystnews@mvps.org> wrote in message
news:OlZ3545JFHA.3992@TK2MSFTNGP15.phx.gbl...
> That hardly answers the question. All that says is that viewing email in
> HTML format can be risky. I don't see how switching from OE to some
> other newsreader will change that. If you view email in HTML format, you
> are much more at risk than if you view it in plain text, period. Not
> only from the vulnerabilities mentioned in this Security Bulletin, but
> from a myriad of other vulnerabilities involving HTML rendering. So, the
> answer is: View email in PlainText only.

Yes

Fortunately, OE6 and up have
> this option--to view email in PlainText only. Does your newsreader have
> that option? And do you use it? If not, you're engaging in risky
> behavior.
>
> --
> Gary S. Terhune
> MS MVP Shell/User
> http://www.grystmill.com/articles/cleanboot.htm
> http://www.grystmill.com/articles/security.htm
>
> "John John" <audetweld@nbnet.nb.ca> wrote in message
> news:eeLJ2h5JFHA.3420@tk2msftngp13.phx.gbl...
> > Gary S. Terhune wrote:
> >
> > > Why? What does OE have to do with KB891711.EXE?
> > >
> verbatim copy of MS05-002 snipped.
>
 
Archived from groups: microsoft.public.win98.setup,microsoft.public.win98.gen_discussion,microsoft.public.win98.performance,microsoft.public.win98.internet.windows_update,alt.windows98 (More info?)

g'day john john,

i don't use oe for much is there another program similar that i can
use instead?

ta

len

snipped
--
happy gardening
'it works for me it could work for you,'

"in the end ya' gotta do what ya' gotta do" but consider others and the environment
http://members.optusnet.com.au/~gardenlen1/

my e/mail addies have spam filters you should know what to delete before you send.
 
Archived from groups: microsoft.public.win98.setup,microsoft.public.win98.gen_discussion,microsoft.public.win98.performance,microsoft.public.win98.internet.windows_update,alt.windows98 (More info?)

Thunderbird (free): http://www.mozilla.org/products/thunderbird/

Pegasus Mail (free): http://www.pmail.com/overviews.htm

Eudora (not free): http://www.eudora.com/eudoralight/

Agent (not free): http://www.forteinc.com/agent/index.php


Many others exist. Search the net for "mail reader".

My favorite is Thunderbird, can be had "stand alone" or part of the
Mozilla/Firefox "suite" http://www.mozilla.org/products/firefox/

You will never go back to IE and OE once you experience the Mozilla
applications.

John



len gardener wrote:

> g'day john john,
>
> i don't use oe for much is there another program similar that i can
> use instead?
>
> ta
>
> len
>
> snipped
 
Archived from groups: microsoft.public.win98.setup,microsoft.public.win98.gen_discussion,microsoft.public.win98.performance,microsoft.public.win98.internet.windows_update (More info?)

John, I like Mozilla Firefox better than IE but cannot get used to the
Mozilla Thunderbird newsgroup as of yet. Maybe I am just too comfortable
with Outlook Express.

"John John" <audetweld@nbnet.nb.ca> wrote in message
news:udfMu%233JFHA.3928@TK2MSFTNGP09.phx.gbl...
: Thunderbird (free): http://www.mozilla.org/products/thunderbird/
:
: Pegasus Mail (free): http://www.pmail.com/overviews.htm
:
: Eudora (not free): http://www.eudora.com/eudoralight/
:
: Agent (not free): http://www.forteinc.com/agent/index.php
:
:
: Many others exist. Search the net for "mail reader".
:
: My favorite is Thunderbird, can be had "stand alone" or part of the
: Mozilla/Firefox "suite" http://www.mozilla.org/products/firefox/
:
: You will never go back to IE and OE once you experience the Mozilla
: applications.
:
: John
:
:
:
: len gardener wrote:
:
: > g'day john john,
: >
: > i don't use oe for much is there another program similar that i can
: > use instead?
: >
: > ta
: >
: > len
: >
: > snipped
 
Archived from groups: microsoft.public.win98.setup,microsoft.public.win98.gen_discussion,microsoft.public.win98.performance,microsoft.public.win98.internet.windows_update,alt.windows98 (More info?)

In news:udfMu%233JFHA.3928@TK2MSFTNGP09.phx.gbl,
John John <audetweld@nbnet.nb.ca> had this to say:

My reply is at the bottom of your sent message:

> You will never go back to IE and OE once you experience the Mozilla
> applications.

Unless you use Hotmail. In that case you'll want something like Hotmail
Popper 😉

Galen
--
Signature changed for a moment of silence.
Rest well Alex and we'll see you on the other side.
 
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom