Jump to content

Latest IE6 (SP1) Security Update for Win 9x/ME


Dave-H

Recommended Posts

Last IE6SP1 update for Win 2000 SP4 released and working fine on Win 98 SE here!

17 "new" files to install, but danim.dll and tdc.ocx don't show any difference.

Links:

Download details Update for Internet Explorer 6 SP1 (KB978207)

Microsoft Security Bulletin MS10-002 - Critical Cumulative Security Update for Internet Explorer (978207)

Enjoy! :)

That's nice to hear, CharlesF. Let's tell MDGx about this so that he can create a new unofficial IE6 SP1 cumulative update for Win98/ME/NT4.

@CharlesF

Yes, the new update seems to work fine under Windows 98SE.

:thumbup

Doesn't seem to include SHLWAPI.DLL for the first time that I can remember, but as you say adds TDC.OCX instead.

Still only 16 files to patch then, not 17.

@cluberti

I take it from what you say that this is the reason why no-one to my knowledge has ever got IE6 SP2, let alone IE7 or IE8, to work on Windows 2000.

A shame, but I guess it's just not possible.

:(

unfortunately, Dave-H, that's the sad truth. not even blackwingcat can make IE6 SP2, IE7 or IE8 work under Win2000.

IE6 in this scenario is actually IE6 on XPSP2 or XPSP3 - IE6 SP1 is actually the IE6 tree from the XPSP1 codebase that was used to backport IE6 to Windows 2000, and is actually at this point a fairly different browser than IE6 on XPSP2 or XPSP3 (the rendering engine is basically the same, but the rest of the browser, including the security model, is not). They denote IE6 SP1 specifically for this reason, but call IE6 on XPSP2 or SP3 just "IE6".

IE6 SP1 support for Win2000 SP4 will end in mid-July 2010, cluberti. read 'em and weep, 98/ME users.

I've copied files from an XP SP3 source with that version of IE, and the only file I've had issues with is browseui.dll (which hasn't been updated since SP3 was released, therefore not containing any security fixes for quite some time), and I've had no issues with said system.

Link to comment
Share on other sites


There is an automated installer (MDIE6CU) created using MS Iexpress by 1 of our own, which installs all these Win2000 IE 6.0 SP1 files on Windows 98 SE:

http://www.msfn.org/board/index.php?showtopic=97816

All language editions are also here [German installer is older = installs patched files from an older MS security bulletin]:

http://www.mdgx.com/ietoy.htm#ICU

HTH

Link to comment
Share on other sites

  • 3 weeks later...
  • 1 month later...

Is there anything we can use for Windows 9x-Me, from the last bloated Tuesday patch of MS?

Could it be something from KB978262 (Cumulative Security Update of ActiveX Kill Bits), and how to do it?

bump.

They were that update MS10-008: Cumulative Security Update of ActiveX Kill Bits (978262).

Is it useful to apply it on Windows 98SE? Any idea?

Can we just copy all kill bits in the 'update.inf' file, or can we do better?

Link to comment
Share on other sites

update MS10-008: Cumulative Security Update of ActiveX Kill Bits (978262).

Is it useful to apply it on Windows 98SE?

For who is concerned, those killbits are blocking specific exploits in mentioned softwares:

HP Instant Support, Aurigma Image Uploader, Symantec WinFax Pro, Google Desktop Gadget, Facebook Photo Updater, PandaActiveScan Installer, ...

[see KB953839 & KB978262],

but not malwares.

You can copy the 196 Clsid (or part of them) in the 'update.inf' file.

Link to comment
Share on other sites

  • 2 weeks later...

This must be a critical fix for them to release it outside the normal cycle and not wait until patch Tuesday of April 2010.

I wondered about that too.

They also released an equivalent patch for IE8, which I'm now using on XP.

Thanks for the heads-up about the new patch for IE6 SP1 CharlesF.

I don't get a notification now I'm not running Windows 2000 any more.

:)

Edited by Dave-H
Link to comment
Share on other sites

This must be a critical fix for them to release it outside the normal cycle and not wait until patch Tuesday of April 2010.

More details on their blog:

Today we released MS10-018 out-of-band due to increases in attacks against Internet Explorer 6 and Internet Explorer 7 using the vulnerability discussed in Security Advisory 981374.

...was originally going to be released during the normal update cycle on the 13th of April. The Internet Explorer team accelerated testing of this update due to the growing attacks against the publicly disclosed vulnerability (CVE-2010-0806)

...and provides users of all versions of Internet Explorer protection against nine other vulnerabilities.

:)

Link to comment
Share on other sites

Guest wsxedcrfv

Regarding MS10-018...

Apparently, some people make use of the key-combination "Control - Enter" in IE6. This seems to perform a URL auto-complete function - eg: enter "google" into your IE6 address bar and press the control-enter key combination. A "www." and ".com" will be added to "google" so that your address bar will now have "www.google.com". I can confirm that this indeed does happen on a non-patched win-98 system, both in IE6 and FireFox 2.0.0.20. I have seen one report where this control-enter function no longer works when this IE rollup is performed on win-98. No idea if it's this particular IE6 update that breaks this functionality, or some previous one.

Link to comment
Share on other sites

I have seen one report where this control-enter function no longer works when this IE rollup is performed on win-98.

Just tried it in Win 98 SE, with either IE6 SP1 fully patched including MS10-018, Maxthon and last Opera.

Ctrl+Enter is working like a charm :) with the 3 browsers.

Link to comment
Share on other sites

  • 1 month later...

Slightly off-topic, but I thought that anyone subscribed to this thread might be interested to know that the files from the just issued KB978542 security patch for Outlook Express SP3 on Windows 2000 seem to work fine on Windows 98SE.

Get it here -

http://www.microsoft.com/downloads/details.aspx?familyid=CDA75174-B535-4559-A52D-B5EC3A1DF349&displaylang=en

:)

Link to comment
Share on other sites

Slightly off-topic, but I thought that anyone subscribed to this thread might be interested to know that the files from the just issued KB978542 security patch for Outlook Express SP3 on Windows 2000 seem to work fine on Windows 98SE.

Get it here -

http://www.microsoft.com/downloads/details.aspx?familyid=CDA75174-B535-4559-A52D-B5EC3A1DF349&displaylang=en

:)

Thanks Dave-H. I was wondering about that. I updated the 17 files from KB978542 (excluding iecustom.dll) and Outlook Express 6.0 seems to work fine.

Edited by Prozactive
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...