IE gets security makeover in Patch Tuesday batch

[Guest dan]

Does anyone know if this is good for Win 98/IE6.5 ?

[Guest PA Bear]

Re: IE gets security makeover in Patch Tuesday batch

 

Win98 is no longer supported, effective 11Jul-06. No updates for any

application running in Win98 have been released since then and no update for

Win98 will be released in the future.

--

~Robear Dyer (PA Bear)

MS MVP-Windows (IE, OE, Security, Shell/User)

AumHa VSOP & Admin http://aumha.net

DTS-L.ORG http://66.39.69.143/

 

dan wrote:

> Does anyone know if this is good for Win 98/IE6.5 ?

[Guest 98 Guy]

Re: IE gets security makeover in Patch Tuesday batch

 

dan wrote:

> Does anyone know if this is good for Win 98/IE6.5 ?

 

Top-poster PA Bear wrote:

> Win98 is no longer supported, effective 11Jul-06.

 

I think that dan knows that.

 

The question is really -> are the patched vulnerabilities known to

affect win-98?

 

(come on Bear, think outside the box a little)

[Guest MEB]

Re: IE gets security makeover in Patch Tuesday batch

 

 

 

"dan" <nospam@nsm.com> wrote in message

news:%23mGiW2OPIHA.1204@TK2MSFTNGP03.phx.gbl...

| Does anyone know if this is good for Win 98/IE6.5 ?

|

|

 

Let me take the cross road here... I haven't checked what this particular

update supposedly does so I'll speak generally:

 

Having installed some of the supposed modified updates for 9X/IE6, I can

make just a few comments.

 

Though there were some that were useful updates previously, which could be

tested; the latest, from what I can find, have not really been tested

against what they supposedly fix, in the 9X environment.

I can also suggest, that these may actually cause issues within your 9X

system [at least until someone works out the kinks] if you were to attempt a

manual installation.

 

If you want to keep using IE6, do so only when necessary if these

non-updated issues cause you concern.

Many of these updates make changes in the handling of ActiveX, scripting,

and other; which, as you don't have the same versions and other that a

supported system does [other updates have made significant modifications in

the supported OSs], MAY not apply at all, or potentially, could cause

problems in 9X or an application which might be designed for an older

version of a replaced file, or need that ActiveX or scripting function that

was disabled or blocked. The cross modifications and *installation testing*

of these supposed {modified} updates [as was supposedly done when Microsoft

released them for 9X, insert laugh here] is a distinctly small group of

individuals, and Microsoft definitely isn't going to make a hotfix to

correct any errors caused in the 9X system. Note, I'm NOT saying the

modified files are worthless [just not really tested], but any issues that

might pop-up are issues YOU will be fixing.

 

So to state outright that yes they are safe, and needed, and will work

without issue in YOUR particular 9X configuration, would likely be a false

claim by anyone who made that statement. Many of the installation testers

run highly modified systems which will never reflect what a common user

might be running, and likely no one will have your exact application

configuration and needs. Any non-official files are USE AT YOUR OWN RISK.

Moreover, I'd think there is likely no one who can assure that these

modified files do not introduce more security flaws into the 9X environment,

as they are specifically designed for NT based operating systems and

inter-relate to other updates for those OSs.

 

--

MEB

http://peoplescounsel.orgfree.com

________

[Guest 98 Guy]

Re: IE gets security makeover in Patch Tuesday batch

 

Since MEB did not provide any details AT ALL about what he did or what

he knows regarding the recent set of patches, here is what I've found:

 

http://www.microsoft.com/technet/security/bulletin/ms07-dec.mspx

 

Microsoft Security Bulletin MS07-064

Vulnerabilities in DirectX Could Allow Remote Code Execution (941568)

- directX versions 7 through 10 is affected on 2K through

Vista - IE not implicated

- this item is related to or replaces MS05-050

- Windows 9x may benefit from this update

- The file Quartz.dll seems to be the only file updated or

replaced

 

 

Microsoft Security Bulletin MS07-068

Vulnerability in Windows Media File Format Could Allow Remote Code

Execution (941569 and 944275)

- this item is related to, or is an addition to, MS06-078

- this item pertains to Windows Media Format Runtime versions

7.1, 9, and 9.5. Versions 6.x and 4.1 are not affected.

- Win-98 may benefit from the use of win-2k versions

of this patch (testing required)

 

 

Microsoft Security Bulletin MS07-069

Cumulative Security Update for Internet Explorer (942615)

- this seems to be an update to MS07-057

- most of MS07-069 pertains either to IE7 or 64-bit

versions of XP and server 2003

- there *may* be one or two items either in MS07-069

or MS-07-057 that *might* be applicable to win-98

 

 

Microsoft Security Bulletin MS07-063

Vulnerability in SMBv2 Could Allow Remote Code Execution (942624)

(Only pertains to Vista)

 

Microsoft Security Bulletin MS07-065

Vulnerability in Message Queuing Could Allow Remote Code Execution

(937894)

- This pertains to the Message Queuing Service on Win-2K and XP.

- in a previous MS bulletin (MS05-017) MS played it's usual game with

Windows-98 and did not specifically mention if win-98 was

vulnerable,

it only stated explicitly that win-me was not affected.

 

 

Microsoft Security Bulletin MS07-066

Vulnerability in Windows Kernel Could Allow Elevation of Privilege

(943078)

(only pertains to Vista)

 

Microsoft Security Bulletin MS07-067

Vulnerability in Macrovision Driver Could Allow Local Elevation of

Privilege (944653)

- only pertains to XP and Server 2003

- most likely does not pertain to win-9x

[Guest dan]

Re: IE gets security makeover in Patch Tuesday batch

 

Thanx MEB and 98 Guy.... This "common user", lol; will chill

until I've done more 'dd' on the subject. Will update post if I can,

and stick with what at present is a very normal functioning IE 6....

 

 

Once again thanx so much for all your input on/to this Grp.

Have a great Holiday Season ! eom....

 

 

 

"MEB" <meb@not here@hotmail.com> wrote in message

news:%23zItxuVPIHA.5988@TK2MSFTNGP02.phx.gbl...

>

>

> "dan" <nospam@nsm.com> wrote in message

> news:%23mGiW2OPIHA.1204@TK2MSFTNGP03.phx.gbl...

> | Does anyone know if this is good for Win 98/IE6.5 ?

> |

> |

>

> Let me take the cross road here... I haven't checked what this particular

> update supposedly does so I'll speak generally:

>

> Having installed some of the supposed modified updates for 9X/IE6, I can

> make just a few comments.

>

> Though there were some that were useful updates previously, which could

be

> tested; the latest, from what I can find, have not really been tested

> against what they supposedly fix, in the 9X environment.

> I can also suggest, that these may actually cause issues within your 9X

> system [at least until someone works out the kinks] if you were to attempt

a

> manual installation.

>

> If you want to keep using IE6, do so only when necessary if these

> non-updated issues cause you concern.

> Many of these updates make changes in the handling of ActiveX, scripting,

> and other; which, as you don't have the same versions and other that a

> supported system does [other updates have made significant modifications

in

> the supported OSs], MAY not apply at all, or potentially, could cause

> problems in 9X or an application which might be designed for an older

> version of a replaced file, or need that ActiveX or scripting function

that

> was disabled or blocked. The cross modifications and *installation

testing*

> of these supposed {modified} updates [as was supposedly done when

Microsoft

> released them for 9X, insert laugh here] is a distinctly small group of

> individuals, and Microsoft definitely isn't going to make a hotfix to

> correct any errors caused in the 9X system. Note, I'm NOT saying the

> modified files are worthless [just not really tested], but any issues that

> might pop-up are issues YOU will be fixing.

>

> So to state outright that yes they are safe, and needed, and will work

> without issue in YOUR particular 9X configuration, would likely be a false

> claim by anyone who made that statement. Many of the installation testers

> run highly modified systems which will never reflect what a common user

> might be running, and likely no one will have your exact application

> configuration and needs. Any non-official files are USE AT YOUR OWN RISK.

> Moreover, I'd think there is likely no one who can assure that these

> modified files do not introduce more security flaws into the 9X

environment,

> as they are specifically designed for NT based operating systems and

> inter-relate to other updates for those OSs.

>

> --

> MEB

> http://peoplescounsel.orgfree.com

> ________

>

>

>

>

>

[Guest MEB]

Re: IE gets security makeover in Patch Tuesday batch

 

 

 

"98 Guy" <98@Guy.com> wrote in message news:47615105.55F5B710@Guy.com...

| Since MEB did not provide any details AT ALL about what he did or what

| he knows regarding the recent set of patches, here is what I've found:

|

| http://www.microsoft.com/technet/security/bulletin/ms07-dec.mspx

 

Oops, forgot to post the bulletin, thanks for the headsup. See new

Cumulative Security post for additional links and/or information.

 

|

| Microsoft Security Bulletin MS07-064

| Vulnerabilities in DirectX Could Allow Remote Code Execution (941568)

| - directX versions 7 through 10 is affected on 2K through

| Vista - IE not implicated

| - this item is related to or replaces MS05-050

| - Windows 9x may benefit from this update

| - The file Quartz.dll seems to be the only file updated or

| replaced

|

|

| Microsoft Security Bulletin MS07-068

| Vulnerability in Windows Media File Format Could Allow Remote Code

| Execution (941569 and 944275)

| - this item is related to, or is an addition to, MS06-078

| - this item pertains to Windows Media Format Runtime versions

| 7.1, 9, and 9.5. Versions 6.x and 4.1 are not affected.

| - Win-98 may benefit from the use of win-2k versions

| of this patch (testing required)

|

|

| Microsoft Security Bulletin MS07-069

| Cumulative Security Update for Internet Explorer (942615)

| - this seems to be an update to MS07-057

| - most of MS07-069 pertains either to IE7 or 64-bit

| versions of XP and server 2003

| - there *may* be one or two items either in MS07-069

| or MS-07-057 that *might* be applicable to win-98

|

|

| Microsoft Security Bulletin MS07-063

| Vulnerability in SMBv2 Could Allow Remote Code Execution (942624)

| (Only pertains to Vista)

|

| Microsoft Security Bulletin MS07-065

| Vulnerability in Message Queuing Could Allow Remote Code Execution

| (937894)

| - This pertains to the Message Queuing Service on Win-2K and XP.

| - in a previous MS bulletin (MS05-017) MS played it's usual game with

| Windows-98 and did not specifically mention if win-98 was

| vulnerable,

| it only stated explicitly that win-me was not affected.

|

|

| Microsoft Security Bulletin MS07-066

| Vulnerability in Windows Kernel Could Allow Elevation of Privilege

| (943078)

| (only pertains to Vista)

|

| Microsoft Security Bulletin MS07-067

| Vulnerability in Macrovision Driver Could Allow Local Elevation of

| Privilege (944653)

| - only pertains to XP and Server 2003

| - most likely does not pertain to win-9x

 

So from what you have posted, it appears that three MAY be of use depending

upon what the individual user might be using or have installed.

 

--

MEB

http://peoplescounsel.orgfree.com

________