Thu, 05 Jan 2006 20:16:46 +0000, Adam Piggott
<usenet@proactiveservices.co.invalidwrote:

>Microsoft have published a patch for the Windows WMF vulnerability,
>available via Windows Update. Seems they've decided to put it up earlier as
>we're all complaining we want it NW and not later :-)
For Win 2K and later. From the FAQ concerning Win 9X/ME:
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE),
and Microsoft Windows Millennium Edition (ME) were previously
listed as affected, but are no longer listed. Why is that?
Although Windows 98, Windows 98 Second Edition, and Windows
Millennium Edition do contain the affected component, at this
point in the investigation, an exploitable attack vector has
not been identified that would yield a Critical severity rating
for these versions. Per the support life cycle of these versions,
only vulnerabilities of Critical severity would receive security
updates.
I've installed the ND32 fix on my Win ME PC, and it looks like
it will stay :)
Art
http://home.epix.net/~artnpeg

Q wrote:
Art <null@zilch.comwrote in
<@4ax.com>:
>
>
>>For Win 2K and later. From the FAQ concerning Win 9X/ME:

>>Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE),
>>and Microsoft Windows Millennium Edition (ME) were previously
>>listed as affected, but are no longer listed. Why is that?
>>
>>Although Windows 98, Windows 98 Second Edition, and Windows
>>Millennium Edition do contain the affected component, at this
>>point in the investigation, an exploitable attack vector has
>>not been identified that would yield a Critical severity rating
>>for these versions. Per the support life cycle of these versions,
>>only vulnerabilities of Critical severity would receive security
>>updates.

>>I've installed the ND32 fix on my Win ME PC, and it looks like
>>it will stay :)
>
>
Steve Gibson has said he'll write one for 9x/ME. I assume he'll make
the source available so others can check it, but I'm not sure. In the
meantime, I'll certainly stick with the ND32 patch.

I installed the fix on Gibson's site.

I'm nervous about trusting a Microsoft patch that they
rushed out to say they fixed it fast. Many of their "fixes"
have been to known to be very problematic.

Any thoughts on leaving the Gibson patch and waiting for the
Microsoft patch to be be tested in real life?

TIA

Louise

Thu, 05 Jan 2006 18:05:44 -0500, Boris Mohar
<borism_-void-_@sympatico.cawrote:

>While stumbling around on MS website looking for the bloody update I finally
>ended up wit this message:
>
>"Thank you for your interest in obtaining updates from our site.
>
>To use this site, you must be running Microsoft Internet Explorer 5 or later.
>
>To upgrade to the latest version of the browser, go to the Internet Explorer
>Downloads website."
>
>WTF? Does this mean that I cannot update without IE? I am using Firefox.

Why not use IE6 for Windows Update? You don't have use it for anything
else, or make it the default browser. Since getting all patches is
important, using IE and WU is really the only way to go.

Art

http://home.epix.net/~artnpeg

Microsoft has revised its webpage for Security Advisory 912840
to point to the new patch.

Unfortunately, this means they have removed from their site
the information on how to un-do the regsvr32 -u command they were
telling you to perform a couple days ago.

Steve

Todd H. <comphelp@toddh.netwrote:

>spope33@speedymail.org (Steve Pope) writes:

>Microsoft has revised its webpage for Security Advisory 912840
>to point to the new patch.

>Unfortunately, this means they have removed from their site
>the information on how to un-do the regsvr32 -u command they were
>telling you to perform a couple days ago.

>Luckily it's simple. Just drop the -u.

Yes thanks.

Steve

Thu, 05 Jan 2006 21:18:18 GMT, Art <null@zilch.comwrote:


>I've installed the ND32 fix on my Win ME PC, and it looks like
>it will stay :)
>
>Art

What's the ND32 fix? I need it for my other PC which is running
Win98SE. Thx.

Thu, 05 Jan 2006 22:41:45 GMT, "David H. Lipman"
<DLipman~nospam~@Verizon.Netwrote:


>Their fix is a replacement of gdi32.dll. That's it.

Does that mean if I was to run "sfc /scannow" it would replace the new
version with the old version?

Sat, 07 Jan 2006 15:32:08 GMT, Sean Cousins <spam@off.invalid>
wrote:

Thu, 05 Jan 2006 21:18:18 GMT, Art <null@zilch.comwrote:
>
>
>>I've installed the ND32 fix on my Win ME PC, and it looks like
>>it will stay :)
>>
>>Art
>
>What's the ND32 fix? I need it for my other PC which is running
>Win98SE. Thx.

Art

http://home.epix.net/~artnpeg

Sat, 07 Jan 2006 15:35:36 GMT, Sean Cousins <spam@off.invalid>
wrote:

Thu, 05 Jan 2006 22:41:45 GMT, "David H. Lipman"
><DLipman~nospam~@Verizon.Netwrote:
>
>
>>Their fix is a replacement of gdi32.dll. That's it.
>
>Does that mean if I was to run "sfc /scannow" it would replace the new
>version with the old version?

No. You must d/l and install the MS patch.

Art

http://home.epix.net/~artnpeg

Sat, 07 Jan 2006 17:05:40 GMT, "David H. Lipman"
<DLipman~nospam~@Verizon.Netwrote:

>It puts a copy in the DLL Cache and it updates the Registry with the info on the patch
>installation so I don't think so.
K, thx.

Sat, 07 Jan 2006 15:37:41 GMT, Art <null@zilch.comwrote:

>
>
>Art
Got it, thanks.