IE gets security makeover in Patch Tuesday batch

P

PA Bear

Win98 is no longer supported, effective 11Jul-06. No updates for any
application running in Win98 have been released since then and no update for
Win98 will be released in the future.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE, OE, Security, Shell/User)
AumHa VSOP & Admin http://aumha.net
DTS-L.ORG http://66.39.69.143/

dan wrote:
> Does anyone know if this is good for Win 98/IE6.5 ?
 
9

98 Guy

dan wrote:

> Does anyone know if this is good for Win 98/IE6.5 ?


Top-poster PA Bear wrote:

> Win98 is no longer supported, effective 11Jul-06.


I think that dan knows that.

The question is really -> are the patched vulnerabilities known to
affect win-98?

(come on Bear, think outside the box a little)
 
M

MEB

"dan" <nospam@nsm.com> wrote in message
news:%23mGiW2OPIHA.1204@TK2MSFTNGP03.phx.gbl...
| Does anyone know if this is good for Win 98/IE6.5 ?
|
|

Let me take the cross road here... I haven't checked what this particular
update supposedly does so I'll speak generally:

Having installed some of the supposed modified updates for 9X/IE6, I can
make just a few comments.

Though there were some that were useful updates previously, which could be
tested the latest, from what I can find, have not really been tested
against what they supposedly fix, in the 9X environment.
I can also suggest, that these may actually cause issues within your 9X
system [at least until someone works out the kinks] if you were to attempt a
manual installation.

If you want to keep using IE6, do so only when necessary if these
non-updated issues cause you concern.
Many of these updates make changes in the handling of ActiveX, scripting,
and other which, as you don't have the same versions and other that a
supported system does [other updates have made significant modifications in
the supported OSs], MAY not apply at all, or potentially, could cause
problems in 9X or an application which might be designed for an older
version of a replaced file, or need that ActiveX or scripting function that
was disabled or blocked. The cross modifications and *installation testing*
of these supposed {modified} updates [as was supposedly done when Microsoft
released them for 9X, insert laugh here] is a distinctly small group of
individuals, and Microsoft definitely isn't going to make a hotfix to
correct any errors caused in the 9X system. Note, I'm NOT saying the
modified files are worthless [just not really tested], but any issues that
might pop-up are issues YOU will be fixing.

So to state outright that yes they are safe, and needed, and will work
without issue in YOUR particular 9X configuration, would likely be a false
claim by anyone who made that statement. Many of the installation testers
run highly modified systems which will never reflect what a common user
might be running, and likely no one will have your exact application
configuration and needs. Any non-official files are USE AT YOUR OWN RISK.
Moreover, I'd think there is likely no one who can assure that these
modified files do not introduce more security flaws into the 9X environment,
as they are specifically designed for NT based operating systems and
inter-relate to other updates for those OSs.

--
MEB
http://peoplescounsel.orgfree.com
________
 
9

98 Guy

Since MEB did not provide any details AT ALL about what he did or what
he knows regarding the recent set of patches, here is what I've found:

http://www.microsoft.com/technet/security/bulletin/ms07-dec.mspx

Microsoft Security Bulletin MS07-064
Vulnerabilities in DirectX Could Allow Remote Code Execution (941568)
- directX versions 7 through 10 is affected on 2K through
Vista - IE not implicated
- this item is related to or replaces MS05-050
- Windows 9x may benefit from this update
- The file Quartz.dll seems to be the only file updated or
replaced


Microsoft Security Bulletin MS07-068
Vulnerability in Windows Media File Format Could Allow Remote Code
Execution (941569 and 944275)
- this item is related to, or is an addition to, MS06-078
- this item pertains to Windows Media Format Runtime versions
7.1, 9, and 9.5. Versions 6.x and 4.1 are not affected.
- Win-98 may benefit from the use of win-2k versions
of this patch (testing required)


Microsoft Security Bulletin MS07-069
Cumulative Security Update for Internet Explorer (942615)
- this seems to be an update to MS07-057
- most of MS07-069 pertains either to IE7 or 64-bit
versions of XP and server 2003
- there *may* be one or two items either in MS07-069
or MS-07-057 that *might* be applicable to win-98


Microsoft Security Bulletin MS07-063
Vulnerability in SMBv2 Could Allow Remote Code Execution (942624)
(Only pertains to Vista)

Microsoft Security Bulletin MS07-065
Vulnerability in Message Queuing Could Allow Remote Code Execution
(937894)
- This pertains to the Message Queuing Service on Win-2K and XP.
- in a previous MS bulletin (MS05-017) MS played it's usual game with
Windows-98 and did not specifically mention if win-98 was
vulnerable,
it only stated explicitly that win-me was not affected.


Microsoft Security Bulletin MS07-066
Vulnerability in Windows Kernel Could Allow Elevation of Privilege
(943078)
(only pertains to Vista)

Microsoft Security Bulletin MS07-067
Vulnerability in Macrovision Driver Could Allow Local Elevation of
Privilege (944653)
- only pertains to XP and Server 2003
- most likely does not pertain to win-9x
 
D

dan

Thanx MEB and 98 Guy.... This "common user", lol will chill
until I've done more 'dd' on the subject. Will update post if I can,
and stick with what at present is a very normal functioning IE 6....


Once again thanx so much for all your input on/to this Grp.
Have a great Holiday Season ! eom....



"MEB" <meb@not here@hotmail.com> wrote in message
news:%23zItxuVPIHA.5988@TK2MSFTNGP02.phx.gbl...
>
>
> "dan" <nospam@nsm.com> wrote in message
> news:%23mGiW2OPIHA.1204@TK2MSFTNGP03.phx.gbl...
> | Does anyone know if this is good for Win 98/IE6.5 ?
> |
> |
>
> Let me take the cross road here... I haven't checked what this particular
> update supposedly does so I'll speak generally:
>
> Having installed some of the supposed modified updates for 9X/IE6, I can
> make just a few comments.
>
> Though there were some that were useful updates previously, which could

be
> tested the latest, from what I can find, have not really been tested
> against what they supposedly fix, in the 9X environment.
> I can also suggest, that these may actually cause issues within your 9X
> system [at least until someone works out the kinks] if you were to attempt

a
> manual installation.
>
> If you want to keep using IE6, do so only when necessary if these
> non-updated issues cause you concern.
> Many of these updates make changes in the handling of ActiveX, scripting,
> and other which, as you don't have the same versions and other that a
> supported system does [other updates have made significant modifications

in
> the supported OSs], MAY not apply at all, or potentially, could cause
> problems in 9X or an application which might be designed for an older
> version of a replaced file, or need that ActiveX or scripting function

that
> was disabled or blocked. The cross modifications and *installation

testing*
> of these supposed {modified} updates [as was supposedly done when

Microsoft
> released them for 9X, insert laugh here] is a distinctly small group of
> individuals, and Microsoft definitely isn't going to make a hotfix to
> correct any errors caused in the 9X system. Note, I'm NOT saying the
> modified files are worthless [just not really tested], but any issues that
> might pop-up are issues YOU will be fixing.
>
> So to state outright that yes they are safe, and needed, and will work
> without issue in YOUR particular 9X configuration, would likely be a false
> claim by anyone who made that statement. Many of the installation testers
> run highly modified systems which will never reflect what a common user
> might be running, and likely no one will have your exact application
> configuration and needs. Any non-official files are USE AT YOUR OWN RISK.
> Moreover, I'd think there is likely no one who can assure that these
> modified files do not introduce more security flaws into the 9X

environment,
> as they are specifically designed for NT based operating systems and
> inter-relate to other updates for those OSs.
>
> --
> MEB
> http://peoplescounsel.orgfree.com
> ________
>
>
>
>
>
 
M

MEB

"98 Guy" <98@Guy.com> wrote in message news:47615105.55F5B710@Guy.com...
| Since MEB did not provide any details AT ALL about what he did or what
| he knows regarding the recent set of patches, here is what I've found:
|
| http://www.microsoft.com/technet/security/bulletin/ms07-dec.mspx

Oops, forgot to post the bulletin, thanks for the headsup. See new
Cumulative Security post for additional links and/or information.

|
| Microsoft Security Bulletin MS07-064
| Vulnerabilities in DirectX Could Allow Remote Code Execution (941568)
| - directX versions 7 through 10 is affected on 2K through
| Vista - IE not implicated
| - this item is related to or replaces MS05-050
| - Windows 9x may benefit from this update
| - The file Quartz.dll seems to be the only file updated or
| replaced
|
|
| Microsoft Security Bulletin MS07-068
| Vulnerability in Windows Media File Format Could Allow Remote Code
| Execution (941569 and 944275)
| - this item is related to, or is an addition to, MS06-078
| - this item pertains to Windows Media Format Runtime versions
| 7.1, 9, and 9.5. Versions 6.x and 4.1 are not affected.
| - Win-98 may benefit from the use of win-2k versions
| of this patch (testing required)
|
|
| Microsoft Security Bulletin MS07-069
| Cumulative Security Update for Internet Explorer (942615)
| - this seems to be an update to MS07-057
| - most of MS07-069 pertains either to IE7 or 64-bit
| versions of XP and server 2003
| - there *may* be one or two items either in MS07-069
| or MS-07-057 that *might* be applicable to win-98
|
|
| Microsoft Security Bulletin MS07-063
| Vulnerability in SMBv2 Could Allow Remote Code Execution (942624)
| (Only pertains to Vista)
|
| Microsoft Security Bulletin MS07-065
| Vulnerability in Message Queuing Could Allow Remote Code Execution
| (937894)
| - This pertains to the Message Queuing Service on Win-2K and XP.
| - in a previous MS bulletin (MS05-017) MS played it's usual game with
| Windows-98 and did not specifically mention if win-98 was
| vulnerable,
| it only stated explicitly that win-me was not affected.
|
|
| Microsoft Security Bulletin MS07-066
| Vulnerability in Windows Kernel Could Allow Elevation of Privilege
| (943078)
| (only pertains to Vista)
|
| Microsoft Security Bulletin MS07-067
| Vulnerability in Macrovision Driver Could Allow Local Elevation of
| Privilege (944653)
| - only pertains to XP and Server 2003
| - most likely does not pertain to win-9x

So from what you have posted, it appears that three MAY be of use depending
upon what the individual user might be using or have installed.

--
MEB
http://peoplescounsel.orgfree.com
________
 
Back
Top Bottom