Jump to content

Ms06-015 Patch-> win 2000 shell32.dll ?

winxpi

By winxpi
in Windows 9x Member Projects

 Share

Recommended Posts

winxpi

winxpi

Posted
Posted (edited)

Is it possible to use the Windows 2000 files from the ms06-015

patch to fix the flaw in win98 because this could also patch the 2 GB file copy limit (KB318293) .

So even if it's not possible is there a way to create an unofficial ms06-015 patch for win98/me ,anyway?

Is someone maybe working on this?

I believe it could at least function to replace the Windows ME shell32.dll with the 2K one,has somebody tried it,yet?

Edited by winxpi
Link to comment
Share on other sites

Tihiy

Tihiy

Posted
Posted

Well, i've explored this, and found that it is not possible to use 2000' shell32.dll, but it is possible to make a patch for 98 and Me using same algorithms [unlike what M$ tells].

I could probably do it but i lack motivation.

Link to comment
Share on other sites
winxpi

winxpi

Posted
  • Author
Posted (edited)
Well, i've explored this, and found that it is not possible to use 2000' shell32.dll, but it is possible to make a patch for 98 and Me using same algorithms [unlike what M$ tells].

I could probably do it but i lack motivation.

Maybe with some $$ M$ will tell us the algorithm. :)

This is because during the development of Windows 2000, we made significant enhancements to the underlying architecture of Windows Explorer.

Due to these fundamental differences, these changes would require reengineering a significant amount of a critical core component of the operating system.

Before they never cared about possible new issues that could result by installing a patch.

M$ was just to lazy to make a fix in my opinion(maybe they thought they would have to make a second patch for Windows 98/ME too like for 2000/XP).

One more thing... Windows ME and 2000 don't they have a similar architecture of Windows Explorer?

*Motivation* :thumbup >>Tihiy

Please all motivate Tihiy!

Edited by winxpi
Link to comment
Share on other sites
the_guy

the_guy

Posted
Posted

I think it would be a great idea. 1 quick suggestion though Tihiy. Could you also use the fixes from MS04-024, MS04-037, MS05-008, MS05-016 (ignore shlwapi.dll and sp3res.dll in the 2000 fix) and MS05-024 in the patch you make? It's just so that 98/ME will not be vulnerable to those flaws as well. That is just a suggestion as 98/ME are vulnerable to those flaws as well.

This is most likely impossible to do. If not, I think it would be an excellent thing to do for the users of 98/ME.

the_guy

Link to comment
Share on other sites
Tihiy

Tihiy

Posted
Posted

Well, i've quickly explored other vulnerabilities and can say:

MS04-024 - probably can be fixed, but it is controversal;

MS04-037 - can be fixed simply;

MS05-008 - not sure if it can be fixed but it is better to not use IE;

MS05-016 - not sure if it can be fixed but it is better to not use msHTA;

MS05-024 - can be fixed for ME by using 2000 patch.

Link to comment
Share on other sites
winxpi

winxpi

Posted
  • Author
Posted (edited)
Ok. Does it matter that the 2000 version of webvw.dll lower than the version for ME?

the_guy

Maybe you get an error message ,but what you can do to avoid this is changing the version to a higher one with "Resource Hacker" for example.

Edited by winxpi
Link to comment
Share on other sites
Acheron

Acheron

Posted
Posted (edited)

I hope these fixes can get patched properly on Windows 98. Especially the Shell32.dll and Explorer.exe patches are important. One is even listed as critical!

On Secunia.com is a nice overview of current vulnerabilities in all Windows OS's.

Here's current graph with Secunia advisories for Windows 98 and for Windows XP:

Windows 98SE:

sec_graph98.png

Windows XP Professional:

sec_graphXP.png

As you can see most vulnerabilities for Windows 98SE were issued in 2005.

Edited by hp38guser
Link to comment
Share on other sites
LLXX

LLXX

Posted
Posted
Is it possible to use the Windows 2000 files from the ms06-015

patch to fix the flaw in win98 because this could also patch the 2 GB file copy limit (KB318293)

I don't think ms06-015 is that "critical", but I'm considering fixing the 2GB limit as my next project (currently Enable48BitLBA hasn't finalised yet) :)
Link to comment
Share on other sites
erpdude8

erpdude8

Posted
Posted (edited)

well it is too bad after MS02-014 shell32.dll fix for Win98/NT4 was released, TweakUI can no longer change the shortcut arrows on shortcut icons. That should no longer be a big issue as I can use Resource Hacker to either remove the shortcut arrows or even change the shortcut arrows to light arrows on the Q313829 shell32.dll file for Win98/NT4.

nice graph charts, hp38guser.

Well, i've quickly explored other vulnerabilities and can say:

MS04-024 - probably can be fixed, but it is controversal;

MS04-037 - can be fixed simply;

MS05-008 - not sure if it can be fixed but it is better to not use IE;

MS05-016 - not sure if it can be fixed but it is better to not use msHTA;

MS05-024 - can be fixed for ME by using 2000 patch.

MS05-008 & MS05-016 vulnerabilities for Win98/ME can NOT be fixed. For MS05-024 the vulnerability might also be fixed for Win98 SE since Win98se originally has webvw.dll version 5.00.0312.0.

BTW - MS05-049 shell vulnerabilities can NOT be patched for Win98/ME because they're unaffected [duh!]

Edited by erpdude8
Link to comment
Share on other sites
erpdude8

erpdude8

Posted
Posted (edited)

Ok. Does it matter that the 2000 version of webvw.dll lower than the version for ME?

the_guy

Maybe you get an error message ,but what you can do to avoid this is changing the version to a higher one with "Resource Hacker" for example.

winxpi has got a point. You may want to change the webvw.dll file version number from 5.00.3900.7036 to 5.50.4134.7036. I've just tested it on my WinME computer in my bedroom and things seem to be working okay. try using that file under Win98se to see if it'll work there.

Edited by erpdude8
Link to comment
Share on other sites
Tihiy

Tihiy

Posted
Posted
winxpi has got a point. You may want to change the webvw.dll file version number from 5.00.3900.7036 to 5.50.4134.7036. I've just tested it on my WinME computer in my bedroom and things seem to be working okay. try using that file under Win98se to see if it'll work there.

It won't work under clean 98 because of some dependancies, however it may work with Kernel Update.

So do you guys want me to try fixing MS06-15 for WinME?

Link to comment
Share on other sites
the_guy

the_guy

Posted
Posted

Ya. That way it will be more secure.

Also, if you patch MS04-024/MS04-037, that would be appreciated. The version of grpconv.exe included in the 2000 update also works on a 98SE system.

the_guy

Link to comment
Share on other sites
erpdude8

erpdude8

Posted
Posted (edited)
Also, if you patch MS04-024/MS04-037, that would be appreciated. The version of grpconv.exe included in the 2000 update also works on a 98SE system.

the_guy

NOT TRUE! Grpconv.exe from Win2k MS04-037 update CRASHES on Win98/ME systems as I've tested for myself.

Edited by erpdude8
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...