Jump to content

06-015 (Q908531) still not up on WU, but...


Recommended Posts

Here's one of the places that tests these things for M$: www.oit.gatech.edu.

So therefore, try this link,

http://www.oit.gatech.edu/css_csr/microsof..._of_patches.cfm

and select 11APRIL....

Well lookee there, there's our friendly Q908531

http://www.microsoft.com/technet/security/...n/MS06-015.mspx

I wonder if maybe they have some Win98SE info???? :)

**********

BTW, in case you haven't heard,

MS06-020 - Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (913433) - only works for IE! If you use any other browser you must go to the Adobe page to install version 8,0,24,0.

Test your Flash here:

http://www.adobe.com/products/flash/about/

Finally, I am updating the list of WIN98SE updates on my page, and should have it finished by Saturday.

http://www.emarkay.com/win98se/windowsupdatedata.html

There are a few errors, additions and the like...

Edited by emarkay
Link to comment
Share on other sites


Here's one of the places that tests these things for M$: www.oit.gatech.edu.

So therefore, try this link,

http://www.oit.gatech.edu/css_csr/microsof..._of_patches.cfm

and select 11APRIL....

Well lookee there, there's our friendly Q908531

http://www.microsoft.com/technet/security/...n/MS06-015.mspx

I wonder if maybe they have some Win98SE info???? :)

**********

BTW, in case you haven't heard,

MS06-020 - Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (913433) - only works for IE! If you use any other browser you must go to the Adobe page to install version 8,0,24,0.

Test your Flash here:

http://www.adobe.com/products/flash/about/

Finally, I am updating the list of WIN98SE updates on my page, and should have it finished by Saturday.

http://www.emarkay.com/win98se/windowsupdatedata.html

There are a few errors, additions and the like...

yeah no duh I already mentioned about the Flash Player KB913433 update at the "98 FE + 98 SE + ME updates + patches + (hot)fixes" topic.

part of my quote from one of my recent posts at the 98fe/98se/ME updates topic:

Yup, the KB913433 update installs Macromedia Flash Player v6.0.84 ONLY if you have a version of Flash Player earlier than that (such has Flash 5 or earlier builds of Flash 6). It will NOT work if you have Flash Player 7 or greater (or no Flash Player installed). those using Flash Player 7 should install Flash Player 7.0.63 to fix the latest security problems. And those using Flash Player 8 should upgrade to Flash Player 8.0.24.

if you have no version of Flash Player installed in the \system\Macromed\ folder or \system32\Macromed\ folder (or if any of those folders do not exist), extract the INSTALL_FP6_WU.EXE file from the KB913433 patch and run the INSTALL_FP6_WU.EXE file to install Flash Player 6.0.84.

sorry, no KB908531 MS06-015 updates for Win98/ME posted at WU yet. check back in mid-June or even on July 11 to see if they're available.

Edited by erpdude8
Link to comment
Share on other sites

Isn't 908531 an update that will give us a whole lot of grief because it must change SHELL32.DLL?

[if so, affects 98lite, all the work to patch shell32.dll currently cosmetically and with regard to imbedded icons and transparent icon support, etc.]

cjl (with sense of impending dread)

Link to comment
Share on other sites

It corrects a security issue in the Windows Explorer and such updates are not often released

for Windows 98 since there is only extended support for win98 and those issues where mostly not rated as critical from MS.

In other words it closes a security risk in the nearly always used Windows Explorer.

I am rather doubt about that Microsoft will still release an update because

they would have to change the shell32.dll from a 9x system which I think is unlikely because it isn't programmed in the same way as in NT line and therefore they have maybe already forgotten it.

Link to comment
Share on other sites

i think if Microsoft do release it

its gonna be July 10, 2006 @ 11:59pm

because on July 11, 2006 they end support.

ANd if its broke they won't fix it.

yeah good one, PROBLEMCHYLD! assuming MS doesnt release the KB908531 patches for win98/me in mid-june they might post it up on july 11. or maybe MS wont release KB908531 for 98/ME at all once they end support for 98/ME on July 11.

Link to comment
Share on other sites

I have wrote Microsoft but they only told me something I already knew.

> -----Original Message-----

> From: winxpi@hotmail.com [mailto:winxpi@hotmail.com]> Sent: Thursday 25 May 2006 11:06

> To: Microsoft Security Response Center

> Subject: (Welcome to the Microsoft Security Response Center Blog!) :

> Windows 98 MS06-015

> Importance: High

> Hi,

>

> what is know about the ms06-015 security vulnerability in Windows 98?

>

> If read it will only be available on Windows update.But its not there

> yet.

>

> Do you know when it will be released or something other important.

>

>

>

> Best regards

>

> Frank

>

And this is what the m***er f***er answered(and we all already knew since last month):

----------------------------------

> Subject: RE: (Welcome to the Microsoft Security Response Center Blog!) : Windows 98 MS06-015

> Date: Thu, 25 May 2006 11:17:39 -0700

> From: secure@microsoft.com

> To: winxpi@hotmail.com

> CC: secure@microsoft.com

>

> Critical security updates for these operating systems may not be

> available at the same time as the other security updates are included

> with this security bulletin. They will be made available as soon as

> possible following the release. When these security updates are

> available, you will be able to download them only from the Windows

> Update Web site.

>

Wooow I would have never expected that the update will not be available for Windows 98 at the same time -stupid copy&paste M$ idi0t.

How incompetent can people be that they just copy&paste an old answer that everybody knows instead of writing something that would be new.

Btw Frank is not my real name if you think so.

Edited by winxpi
Link to comment
Share on other sites

well forget it, winxpi. the KB908531/MS06-015 security updates for Windows 98 & Millennium are NOT yet available for Windows Update and my guess is that Microsoft has NOT even created them yet. Check back at the Windows Update site in the middle of June or even on July 11 to see if they'll be ready by then.

perhaps M$ did forget about the 9xME code!

Link to comment
Share on other sites

  • 2 weeks later...

And see what they say about it now.

If Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) are listed as an affected product, why is Microsoft not issuing security updates for them?

During the development of Windows 2000, significant enhancements were made to the underlying architecture of Windows Explorer. The Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Windows Explorer architecture is much less robust than the more recent Windows architectures. Due to these fundamental differences, after extensive investigation, Microsoft has found that it is not feasible to make the extensive changes necessary to Windows Explorer on Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) to eliminate the vulnerability. To do so would require reengineer a significant amount of a critical core component of the operating system. After such a reengineering effort, there would be no assurance that applications designed to run on these platforms would continue to operate on the updated system.

Microsoft strongly recommends that customers still using Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) protect those systems by placing them behind a perimeter firewall which is filtering traffic on TCP Port 139.

link:

http://www.microsoft.com/technet/security/...Date=2006-04-11

Seems that the support for Win98/ME has ended already. :(

Link to comment
Share on other sites

Also here:

http://blogs.technet.com/msrc/archive/2006/06/09/434300.aspx

I guessed it that M$ would be too lazy for it.

Here they confirm my claime:

This is because during the development of Windows 2000, we made significant enhancements to the underlying architecture of Windows Explorer.

Due to these fundamental differences, these changes would require reengineering a significant amount of a critical core component of the operating system.

Whe should write complaine e-mails to Microsoft about that.

Edited by winxpi
Link to comment
Share on other sites

Minor good news consequence:

At least we won't have to deal with all of the logistics regarding the replacement of shell32.dll, stemming from 313929 and all of that patching for themes/icons, transparent icons, etc.

A dumb question:

The official shell32.dll is distributed in Q313829, and is indicated as an NT4.0 file. Perchance, was/is there a newer version within the NT 4.0 world? Would any such thing work? Any reason not to search for one?

cjl

ps: M$'s noise about reengineering excuses: What, if anything was broken when 313829 replaced the original pre-313829? [From MS's vantage point, so disregard the transparency icon stuff]. If they did it correctly, wouldn't it just break stuff depending on the net port specfically? [and that's the point, isn't it?]

Link to comment
Share on other sites

Minor good news consequence:

At least we won't have to deal with all of the logistics regarding the replacement of shell32.dll, stemming from 313929 and all of that patching for themes/icons, transparent icons, etc.

A dumb question:

The official shell32.dll is distributed in Q313829, and is indicated as an NT4.0 file. Perchance, was/is there a newer version within the NT 4.0 world? Would any such thing work? Any reason not to search for one?

cjl

ps: M$'s noise about reengineering excuses: What, if anything was broken when 313829 replaced the original pre-313829? [From MS's vantage point, so disregard the transparency icon stuff]. If they did it correctly, wouldn't it just break stuff depending on the net port specfically? [and that's the point, isn't it?]

Well, if shell32.dll is indeed based on some NT version it should be possible to create a patch for it, comparing the changes Microsoft made between patched and unpatched dll on example Windows 2000. Reverse engineering is necessary but I think it should not be a big deal, since only changes applied would be to make things more compatible and secure.

Look at the Unofficial patches already created, like KB891711 for example. It's possible.

Furthermore this security Flaw is very dangerous since it affects all Windows OS.

I think Microsoft won't bring out a patch for Windows 98 is that they don't have to create support for this new update.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...