KB891711 on Win9x/ME has been updated

This is a repost from an original by; Microsoft MVP Robear Dyer concerning an issue noted
with KB891711 on Win9x/ME platforms and had been noted as problematic in *many* News Groups
in the beginning to mid-March..

~~~~~~~~~~~~~~~~~

Microsoft Security Bulletin MS05-002: Vulnerability in Cursor and Icon
Format Handling Could Allow Remote Code Execution (891711):
http://www.microsoft.com/technet/Sec.../ms05-002.mspx

<quote>
Why was this security bulletin updated on April 12, 2005?

After the release of the MS05-002 security bulletin, Microsoft became aware
of an issue affecting customers deploying the Windows 98, 98SE and ME
security update. In most cases, the issue caused machines to unexpectedly
restart.

Microsoft has investigated this issue and has made available revised
security updates for these platforms. These revised security updates are
available from Windows Update and the Microsoft Download Center. Customers
who have not yet applied the original version of these updates should visit
Windows Update to receive the revised updates.

[NB:] Customers who have already applied the original Windows 98, 98SE and
ME security update are advised to install the current revision of the update
from Windows Update.

<snip>

Are Windows 98, Windows 98 Second Edition, or Windows Millennium Edition
critically affected by any of the vulnerabilities that are addressed in this
security bulletin?

Yes. Windows 98, Windows 98 Second Edition, and Windows Millennium Edition
are critically affected by this vulnerability. A Critical security update
for these platforms is available and is provided as part of this security
bulletin and can be downloaded only from the Windows Update Web site.
[Emphasis added]
</quote>

Thanks to all those who called MS at 1-866-PCSAFETY about the bug in 891711
as released in Feb-05. Your documentation of the problems caused by 891711
played a major role in getting them fixed.

AFAIK KB891711 should no longer load at Startup and display as a running
Process.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

David H. Lipman

On Tue, 12 Apr 2005 19:18:39 GMT, "David H. Lipman"
<DLipman~nospam~@Verizon.Net> wrote:

>This is a repost from an original by; Microsoft MVP Robear Dyer concerning an issue noted
>with KB891711 on Win9x/ME platforms and had been noted as problematic in *many* News Groups
>in the beginning to mid-March..
>
>~~~~~~~~~~~~~~~~~
Thanks for the heads up.

Regards,



--
Stephen Howard - Woodwind repairs & period restorations
www.shwoodwind.co.uk
Emails to: showard{whoisat}shwoodwind{dot}co{dot}uk

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:jaV6e.14296$nH4.1196@trndny05...
> This is a repost from an original by; Microsoft MVP Robear Dyer concerning
an issue noted
> with KB891711 on Win9x/ME platforms and had been noted as problematic in
*many* News Groups
> in the beginning to mid-March..
>
> ~~~~~~~~~~~~~~~~~
>
> Microsoft Security Bulletin MS05-002: Vulnerability in Cursor and Icon
> Format Handling Could Allow Remote Code Execution (891711):
> http://www.microsoft.com/technet/Sec.../ms05-002.mspx
>
> <quote>
> Why was this security bulletin updated on April 12, 2005?
>
> After the release of the MS05-002 security bulletin, Microsoft became
aware
> of an issue affecting customers deploying the Windows 98, 98SE and ME
> security update. In most cases, the issue caused machines to unexpectedly
> restart.
>
> Microsoft has investigated this issue and has made available revised
> security updates for these platforms. These revised security updates are
> available from Windows Update and the Microsoft Download Center. Customers
> who have not yet applied the original version of these updates should
visit
> Windows Update to receive the revised updates.
>
> [NB:] Customers who have already applied the original Windows 98, 98SE and
> ME security update are advised to install the current revision of the
update
> from Windows Update.
>
> <snip>
>
> Are Windows 98, Windows 98 Second Edition, or Windows Millennium Edition
> critically affected by any of the vulnerabilities that are addressed in
this
> security bulletin?
>
> Yes. Windows 98, Windows 98 Second Edition, and Windows Millennium Edition
> are critically affected by this vulnerability. A Critical security update
> for these platforms is available and is provided as part of this security
> bulletin and can be downloaded only from the Windows Update Web site.
> [Emphasis added]
> </quote>
>
> Thanks to all those who called MS at 1-866-PCSAFETY about the bug in
891711
> as released in Feb-05. Your documentation of the problems caused by
891711
> played a major role in getting them fixed.
>
> AFAIK KB891711 should no longer load at Startup and display as a running
> Process.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>

It gave me problems too, I just uninstalled it, and all was good again.
Glad to see they noticed within two weeks.
Mich...

On that special day, David H. Lipman, (DLipman~nospam~@Verizon.Net)
said...

> AFAIK KB891711 should no longer load at Startup and display as a running
> Process.

(sigh of relief) Finally.


Gabriele Neukam




--
Ah, Information. A property, too valuable these days, to give it away,
just so, at no cost.

Gabriele Neukam wrote:
> On that special day, David H. Lipman, (DLipman~nospam~@Verizon.Net)
> said...
>
>
>>AFAIK KB891711 should no longer load at Startup and display as a running
>>Process.
>
>
> (sigh of relief) Finally.
>
>
> Gabriele Neukam
>
>
>
>
That's not the case on my 98Se machine. It's still there.

optikl wrote:
> Gabriele Neukam wrote:
>
>> On that special day, David H. Lipman, (DLipman~nospam~@Verizon.Net)
>> said...
>>
>>
>>> AFAIK KB891711 should no longer load at Startup and display as a running
>>> Process.
>>
>>
>>
>> (sigh of relief) Finally.
>>
>> Gabriele Neukam
>>
>>
> That's not the case on my 98Se machine. It's still there.


I believe the process is hidden from the Windows task manager, but is
still visible from Wintop or other similar applications.


--
-WD

On Wed, 13 Apr 2005 19:26:49 -0400, Will Dormann
<> wrote:

>optikl wrote:
>> Gabriele Neukam wrote:
>>
>>> On that special day, David H. Lipman, (DLipman~nospam~@Verizon.Net)
>>> said...
>>>
>>>> AFAIK KB891711 should no longer load at Startup and display as a running
>>>> Process.
>>>
>>> (sigh of relief) Finally.
>>>
>> That's not the case on my 98Se machine. It's still there.
>
>I believe the process is hidden from the Windows task manager, but is
>still visible from Wintop or other similar applications.

Yes, it shows up in PrcView. Incidentally, WinTop has always caused
problems on my Win98SE installation (having always worked fine on my
old Win95 system). It works OK, but if I recall correctly, problems
always appeared later when I tried to shut down. (I hope this isn't
misleading. I haven't repeated the experiment recently.)

--
Angus Rodgers
(angus_prune@ eats spam; reply to angusrod@)
Contains mild peril