re: kb891711 in tasklist ??? - YES
Sunday, March 13, 2005 at 1:12 pm
Windows Me Annoyances Discussion Forum
Posted by hugo defreyne
(2 messages posted)
This KB891711 is causing "blue screen" error when you try to start an internet connection
thru ADSL enternet 300 software
On Sunday, March 13, 2005 at 12:11 am, Jack Gulley wrote:
>Sorry about the delay, but this has taken most of the evening to research. Short
>answer, YES - believe it!
> Microsoft had announce last week that there would be no new Security Updates
>released this month. So most people were not looking for any updates this week (including
>me). However, they said nothing about not releasing some of the old MWA
>(Missing Without Action) Security Updates that they had published, with workarounds,
>and that patches for selected systems (XP SP2) had already been released.
> They just updated the prior notices to include Windows 98/ME and provided the
>MWA Security Updates for these systems.
> Looking into the details of the problems being fixed, I can understand what it
>might take to fix them, and the delay in getting the fix out.
> The notice MS05-002
>- Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution
>(891711) was just updated to include additional details about the exposures
and
>fix releases for Windows 98/ME.
> The problems being fixed also apply to a number of older versions of OutLook
based
>e-mail program and other MS applications which are not supported with updates, and
>that could be installed on many systems. The fix also would require an update to
>the Windows 98/ME kernel module, something difficult to do and control. It would
>be almost impossible for them to provide the fixes for all of the effected programs.
>The solution is to install a new module that checks for the different exploits and
>blocks them.
> This requires a new Startup entry to start the code on Windows 98/ME systems,
>and the module showing up in Task Manager. Sort of like an Anti-Virus/Firewall program,
>except for HTML code processors (IE, e-mail, and Cursor handlers). The fix creates
>a new folder in the C:\Windows\System folder to contain the patch and from where
>it is loaded during startup. A real pain for us, but necessary to fix all of the
>known exposures. (Also allows them a simple way to put out additional fixes
>for new problems, by updating this programs DLL module, instead of patches to other
>large modules.)
> The alternative to using this "critical" fix, is to view all e-mail only in
>text format (no images or icons) for all Microsoft e-mail viewing programs and
>never click on any included link. And in IE to block displaying all images and never
>clicking on icons or using action cursors provided by web sites. Having the older
>Security fixes installed helps avoid some of the problems, but this fix is required
>to deal with a very real security exposure.
> Take the time to read through the above MS05-002
>notice and expand all details of it.
> And from now on, consider it normal to see KB891711 (or its replacement)
>in the Windows 98/ME startup list and in HijackThis logs. In fact, consider it a
>security risk (and possible infection) not to see it in these
>lists.
|
All messages in this thread [show all]
 | |  | re: kb891711 in tasklist ??? - YES (hugo defreyne: Sun, Mar 13, 2005, 1:12 pm) |
| |
| |
| |
Return to the Windows Me Discussion Forum
|
|
