Critical Updates Missing in SP 2.0 RC3

[*~*WiseWords]

After installing the Unofficial Updates, (SP 2.0 RC3),

I checked for updates on the Microsoft site.

They found six critical updates !

Two are for WMP, which is not included

with the unofficial updates, but the

the other 4 should have been included.

Is there a reason why they were left out?

These are the listed updates that Microsoft

says I need:

-Security Updates-

Affected Software for all of the Critical Updates:

Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE),

and Microsoft Windows Millennium Edition (ME),

Win2000, WinXP

--------------------

1. KB888113

176 KB

Microsoft Security Bulletin MS05-015

Vulnerability in Hyperlink Object Library

Could Allow Remote Code Execution (888113)

Issued: February 8, 2005

Updated: March 8, 2005

Version: 1.2

If a user is logged on with administrative user rights,

an attacker who successfully exploited this vulnerability

could take complete control of an affected system.

------------------

2. KB891711

149 KB

Microsoft Security Bulletin MS05-002

Vulnerability in Cursor and Icon Format Handling

Could Allow Remote Code Execution (891711)

Issued: January 11, 2005

Updated: March 8, 2005

Version: 1.2

An attacker who successfully exploited

the most severe of these vulnerabilities

could take complete control of an affected system,

install programs; view, change, or delete data;

or create new accounts that have full privileges.

We recommend that customers apply the update immediately.

(I see that there may be problems with this patch,

but there can also be problems without using it.

What to do?)

-----------------

3. KB891781

152 KB

Microsoft Security Bulletin MS05-013

Vulnerability in the DHTML Editing Component ActiveX Control

Could Allow Remote Code Execution (891781)

Issued: February 8, 2005

Updated: February 15, 2005

Version: 1.1

Another "complete control of an affected system" vulnerability.

--------------------------------

4. 816093 - Microsoft VM

-5.1 MB

Microsoft Security Bulletin MS03-011

Flaw in Microsoft VM Could Enable System Compromise (816093)

Use Microsoft VM build 3810---a new release of the Microsoft VM.

Originally posted: April 09, 2003

Updated: April 13, 2003

This vulnerability could enable an attacker to

construct a malicious Java applet.

-------------------------------

5. Q320920 - WMP 6.4

June 26, 2002 - When reinstalling WIN98 SE from a disk,

do this update if keeping WMP 6.4 .

Not included on the Unoffical update.

--------------------------------------------------

6.Security Update, November 20, 2001

This update resolves the "Windows Media Player .asf

processor contains unchecked buffer" security vulnerability

in Windows Media Player,

Windows Millennium Edition (Windows Me), and Windows 2000,

and is discussed in Microsoft Security Bulletin MS01-056.

Download now to help prevent a malicious user from

running code of his or her choice on your computer.

The vulnerability is the result of an unchecked buffer

in a section of Windows Media Player that handles .asf files.

This update eliminates the vulnerability by correctly processing .asf files.

This update applies to any Windows operating system running:

Windows Media Player 7.1

Windows Media Player 7.0

Windows Media Player 6.4

This update also applies to the following operating systems

with or without Windows Media Player:

Windows 2000

Windows Me

[randiroo76073]

I can't address all, but KB891711 has been found to have probs. It causes BSODs on alot of puters and is flawed, even MS acknowledges there are probs with it.

[ssmokee]

I asked Gape the same question about the Microsoft VM (Q816093). You can see his reply here.

[erpdude8]

randiroo76073 is right on with KB891711; causes major BSOD problems at Windows startup, especially if using certain firewall or proxy software installed.

See these web sites on the problems KB891711 causes for W98/ME systems:

http://www.dslreports.com/forum/remark,12905229~mode=flat

http://www.dslreports.com/forum/remark,12875676~mode=flat

Hopefully the KB891781 and KB888113 W98 patches will be included either in 2.0 RC4 or 2.0 final. Let's see if Gape will include them if he can respond to this topic.

[Gape]

randiroo76073 is right on with KB891711; causes major BSOD problems at Windows startup, especially if using certain firewall or proxy software installed.

Hopefully the KB891781 and KB888113 W98 patches will be included either in 2.0 RC4 or 2.0 final.  Let's see if Gape will include them if he can respond to this topic.

<{POST_SNAPBACK}>

891781 looks like IE specific update. So, it will not be in the SP 2.0.

888113 will be in the SP 2.0. Probably, Tihiy's fix for 871711 will be in the SP 2.0, too.