re: kb891711 in tasklist ??? - YES
Sunday, March 13, 2005 at 12:11 am
Windows Me Annoyances Discussion Forum
Posted by Jack Gulley
(5917 messages posted)
Sorry about the delay, but this has taken most of the evening to research. Short
answer, YES - believe it!
Microsoft had announce last week that there would be no new Security Updates
released this month. So most people were not looking for any updates this week (including
me). However, they said nothing about not releasing some of the old MWA
(Missing Without Action) Security Updates that they had published, with workarounds,
and that patches for selected systems (XP SP2) had already been released.
They just updated the prior notices to include Windows 98/ME and provided the
MWA Security Updates for these systems.
Looking into the details of the problems being fixed, I can understand what it
might take to fix them, and the delay in getting the fix out.
The notice MS05-002
- Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution
(891711) was just updated to include additional details about the exposures and
fix releases for Windows 98/ME.
The problems being fixed also apply to a number of older versions of OutLook based
e-mail program and other MS applications which are not supported with updates, and
that could be installed on many systems. The fix also would require an update to
the Windows 98/ME kernel module, something difficult to do and control. It would
be almost impossible for them to provide the fixes for all of the effected programs.
The solution is to install a new module that checks for the different exploits and
blocks them.
This requires a new Startup entry to start the code on Windows 98/ME systems,
and the module showing up in Task Manager. Sort of like an Anti-Virus/Firewall program,
except for HTML code processors (IE, e-mail, and Cursor handlers). The fix creates
a new folder in the C:\Windows\System folder to contain the patch and from where
it is loaded during startup. A real pain for us, but necessary to fix all of the
known exposures. (Also allows them a simple way to put out additional fixes
for new problems, by updating this programs DLL module, instead of patches to other
large modules.)
The alternative to using this "critical" fix, is to view all e-mail only in
text format (no images or icons) for all Microsoft e-mail viewing programs and
never click on any included link. And in IE to block displaying all images and never
clicking on icons or using action cursors provided by web sites. Having the older
Security fixes installed helps avoid some of the problems, but this fix is required
to deal with a very real security exposure.
Take the time to read through the above MS05-002
notice and expand all details of it.
And from now on, consider it normal to see KB891711 (or its replacement)
in the Windows 98/ME startup list and in HijackThis logs. In fact, consider it a
security risk (and possible infection) not to see it in these
lists.
|
All messages in this thread [show all]
 |  | re: kb891711 in tasklist ??? - YES (Jack Gulley: Sun, Mar 13, 2005, 12:11 am) |
| |
| |
| |
Return to the Windows Me Discussion Forum
|
|
