Another Guess About KB891711

[Elizabeth]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Do others who are having problems with the KB891711 Windows Update
also have running the Spybot Search and Destroy Teatimer? I ask
because we're trying to put together all the commonalities of systems
having KB891711 problems.

In the Spybot S&D forum on their site, they're talking about it, too.
A Spybot advisor says, "I'm guessing Spybot's Teatimer may be
interacting with the installation of this update and causing its
completion to fail. However, this is pure speculation at this point
since I've done no research to confirm this yet. I recommend anyone
with this problem simply disable the registry entry from running, as
you have, until the actual problem is confirmed and a true 'fix' is
recommended, either by Microsoft or someone who's truly investigated
the issue. "

Beth

 

[Bobster]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Elizabeth

I have Teatimer running at start, have successfully downloaded KB891711
(and, yes, it appears in msconfig, startup), and have had no problems AFAIK.
Normally Teatimer reports any attempts to change the registry but I don't
remember seeing any such alert when I downloaded KB891711. The answer may
be that not all Windows changes result in registry changes.

=================================================================
"Elizabeth" <bethvollbach@earthlink.deletethis.net> wrote in message
news:2s2c31p42gddaj52ao5hikvfmptqrd9634@4ax.com...
> Do others who are having problems with the KB891711 Windows Update
> also have running the Spybot Search and Destroy Teatimer? I ask
> because we're trying to put together all the commonalities of systems
> having KB891711 problems.
>
> In the Spybot S&D forum on their site, they're talking about it, too.
> A Spybot advisor says, "I'm guessing Spybot's Teatimer may be
> interacting with the installation of this update and causing its
> completion to fail. However, this is pure speculation at this point
> since I've done no research to confirm this yet. I recommend anyone
> with this problem simply disable the registry entry from running, as
> you have, until the actual problem is confirmed and a true 'fix' is
> recommended, either by Microsoft or someone who's truly investigated
> the issue. "
>
> Beth

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

bobster wrote:
>
> Elizabeth
>
> I have Teatimer running at start, have successfully downloaded KB891711
> (and, yes, it appears in msconfig, startup), and have had no problems AFAIK.
> Normally Teatimer reports any attempts to change the registry but I don't
> remember seeing any such alert when I downloaded KB891711. The answer may
> be that not all Windows changes result in registry changes.
>


I'm with Bobster. Spybot, teatimer, KB891711 and no problems anywhere.
win98fe

Steve
41N
--
"THAT IS WHERE THE COUNTRY IS HEADED - IT IS HEADED TOWARD
OVERSIMPLICICATION...
WHAT'S WRONG IS THAT EVERYONE IS SO SURE THEY'RE RIGHT! THATS PRETTY
SCARY - THE
FUTURE, I THINK, IS PRETTY SCARY." -'A Prayer for Owen Meany' - John
Irving

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

bobster wrote:
> Elizabeth
>
> I have Teatimer running at start, have successfully downloaded KB891711
> (and, yes, it appears in msconfig, startup), and have had no problems AFAIK.
> Normally Teatimer reports any attempts to change the registry but I don't
> remember seeing any such alert when I downloaded KB891711. The answer may
> be that not all Windows changes result in registry changes.
>
> =================================================================
> "Elizabeth" <bethvollbach@earthlink.deletethis.net> wrote in message
> news:2s2c31p42gddaj52ao5hikvfmptqrd9634@4ax.com...
>
>>Do others who are having problems with the KB891711 Windows Update
>>also have running the Spybot Search and Destroy Teatimer? I ask
>>because we're trying to put together all the commonalities of systems
>>having KB891711 problems.
>>
>> In the Spybot S&D forum on their site, they're talking about it, too.
>>A Spybot advisor says, "I'm guessing Spybot's Teatimer may be
>>interacting with the installation of this update and causing its
>>completion to fail. However, this is pure speculation at this point
>>since I've done no research to confirm this yet. I recommend anyone
>>with this problem simply disable the registry entry from running, as
>>you have, until the actual problem is confirmed and a true 'fix' is
>>recommended, either by Microsoft or someone who's truly investigated
>>the issue. "
>>
>>Beth
>
>
>
teatimer ok here with update

--
Rev Robert M Jones, Wimborne Baptist Church, UK
http://www.wimborne-baptist.org.uk
Free trial of Mailwasher Pro - effective email spam filter -
(commission goes to our partners in Bulgaria)
http://entier.ecosm.com/link/?ribteq

 

[Elizabeth]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

I got the teatimer report of a change to the registry. And I pressed
ALLOW. :-( Beth

On Mon, 14 Mar 2005 14:37:36 -0800, "bobster" <fauxie@bogus.net>
wrote:

>Elizabeth
>
>I have Teatimer running at start, have successfully downloaded KB891711
>(and, yes, it appears in msconfig, startup), and have had no problems AFAIK.
>Normally Teatimer reports any attempts to change the registry but I don't
>remember seeing any such alert when I downloaded KB891711. The answer may
>be that not all Windows changes result in registry changes.
>
>=================================================================
>"Elizabeth" <bethvollbach@earthlink.deletethis.net> wrote in message
>news:2s2c31p42gddaj52ao5hikvfmptqrd9634@4ax.com...
>> Do others who are having problems with the KB891711 Windows Update
>> also have running the Spybot Search and Destroy Teatimer? I ask
>> because we're trying to put together all the commonalities of systems
>> having KB891711 problems.
>>
>> In the Spybot S&D forum on their site, they're talking about it, too.
>> A Spybot advisor says, "I'm guessing Spybot's Teatimer may be
>> interacting with the installation of this update and causing its
>> completion to fail. However, this is pure speculation at this point
>> since I've done no research to confirm this yet. I recommend anyone
>> with this problem simply disable the registry entry from running, as
>> you have, until the actual problem is confirmed and a true 'fix' is
>> recommended, either by Microsoft or someone who's truly investigated
>> the issue. "
>>
>> Beth
>

 

[Bobster]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Beth,

Can't be certain that I didn't get a Teatimer alert. At my age, things
don't always register. Just don't remember seeing the alert, however.

===============================================================
"Elizabeth" <bethvollbach@earthlink.deletethis.net> wrote in message
news:6pec31l4hudn76doiq2j0ujmhtph1gp456@4ax.com...
> I got the teatimer report of a change to the registry. And I pressed
> ALLOW. :-( Beth
>
> On Mon, 14 Mar 2005 14:37:36 -0800, "bobster" <fauxie@bogus.net>
> wrote:
>
> >Elizabeth
> >
> >I have Teatimer running at start, have successfully downloaded KB891711
> >(and, yes, it appears in msconfig, startup), and have had no problems
AFAIK.
> >Normally Teatimer reports any attempts to change the registry but I don't
> >remember seeing any such alert when I downloaded KB891711. The answer
may
> >be that not all Windows changes result in registry changes.
> >
> >=================================================================
> >"Elizabeth" <bethvollbach@earthlink.deletethis.net> wrote in message
> >news:2s2c31p42gddaj52ao5hikvfmptqrd9634@4ax.com...
> >> Do others who are having problems with the KB891711 Windows Update
> >> also have running the Spybot Search and Destroy Teatimer? I ask
> >> because we're trying to put together all the commonalities of systems
> >> having KB891711 problems.
> >>
> >> In the Spybot S&D forum on their site, they're talking about it, too.
> >> A Spybot advisor says, "I'm guessing Spybot's Teatimer may be
> >> interacting with the installation of this update and causing its
> >> completion to fail. However, this is pure speculation at this point
> >> since I've done no research to confirm this yet. I recommend anyone
> >> with this problem simply disable the registry entry from running, as
> >> you have, until the actual problem is confirmed and a true 'fix' is
> >> recommended, either by Microsoft or someone who's truly investigated
> >> the issue. "
> >>
> >> Beth
> >
>

 

[Elizabeth]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Looks to me, then, the problem is Dialup. Beth

On Mon, 14 Mar 2005 18:38:33 -0600, Steve IA <bringem@home.now> wrote:

>bobster wrote:
>>
>> Elizabeth
>>
>> I have Teatimer running at start, have successfully downloaded KB891711
>> (and, yes, it appears in msconfig, startup), and have had no problems AFAIK.
>> Normally Teatimer reports any attempts to change the registry but I don't
>> remember seeing any such alert when I downloaded KB891711. The answer may
>> be that not all Windows changes result in registry changes.
>>
>
>
>I'm with Bobster. Spybot, teatimer, KB891711 and no problems anywhere.
>win98fe
>
>Steve
>41N

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

How do you get from "TeaTimer" to "Dial-up" as the supposed problem? I am seeing
issues with KB891711 on machines that are on broadband, with none of the software
being mentioned in this and other forums as supposedly responsible for the issues.
--
Glen Ventura, MS MVP Shell/User, A+
~ In memory of our friend, MVP Alex Nichol ~
http://aumha.org/alex.htm
http://dts-l.org/goodpost.htm


"Elizabeth" <bethvollbach@earthlink.deletethis.net> wrote in message
news:hvec3113s0jge63fak3ks1ovneuklaoa6s@4ax.com...
> Looks to me, then, the problem is Dialup. Beth
>
> On Mon, 14 Mar 2005 18:38:33 -0600, Steve IA <bringem@home.now> wrote:
>
> >bobster wrote:
> >>
> >> Elizabeth
> >>
> >> I have Teatimer running at start, have successfully downloaded KB891711
> >> (and, yes, it appears in msconfig, startup), and have had no problems AFAIK.
> >> Normally Teatimer reports any attempts to change the registry but I don't
> >> remember seeing any such alert when I downloaded KB891711. The answer may
> >> be that not all Windows changes result in registry changes.
> >>
> >
> >
> >I'm with Bobster. Spybot, teatimer, KB891711 and no problems anywhere.
> >win98fe
> >
> >Steve
> >41N
>

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

FWIW, leaving aside several MRU entries, I can find the following FOUR
registry entries related to KB891711 on this WinME box, which is working
fine after the 891711 Win Update:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed
Components\{2cd1b477-8d46-4b86-b7dc-13fb65fb5914}]
@="Windows Millennium Edition KB891711 Update"
"IsInstalled"=dword:00000001
"Locale"="EN"
"Version"="4.10.0.2222"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
<SNIP>
"KB891711"="C:\\WINDOWS\\SYSTEM\\KB891711\\KB891711.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Updates\
WinME\UPD891711]
@="Windows Millennium Edition KB891711 Update"
"C:\\WINDOWS\\SYSTEM\\KB891711\\KB891711.EXE"=""
"C:\\WINDOWS\\SYSTEM\\KB891711\\Q891711.DLL"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\8917
11]
@=""
"DisplayName"="Windows Millennium Edition KB891711 Update"
"UninstallString"="RunDll32 advpack.dll,LaunchINFSection
C:\\WINDOWS\\INF\\QFE\\WinME\\891711UN.INF"


HTH,
--
Jack E. Martinelli 2002-05 MS MVP for Shell/User / DTS
Help us help you: http://www.dts-L.org/goodpost.htm

http://www.microsoft.com/athome/security/protect/default.aspx
In Memorium: Alex Nichol
http://www.microsoft.com/windowsxp/expertzone/meetexperts/nichol.mspx
Your cooperation is very appreciated.
------
"bobster" <fauxie@bogus.net> wrote in message
news:uTkF2ZOKFHA.3552@TK2MSFTNGP12.phx.gbl...
> Elizabeth
>
> I have Teatimer running at start, have successfully downloaded KB891711
> (and, yes, it appears in msconfig, startup), and have had no problems
AFAIK.
> Normally Teatimer reports any attempts to change the registry but I don't
> remember seeing any such alert when I downloaded KB891711. The answer may
> be that not all Windows changes result in registry changes.
>
> =================================================================
> "Elizabeth" <bethvollbach@earthlink.deletethis.net> wrote in message
> news:2s2c31p42gddaj52ao5hikvfmptqrd9634@4ax.com...
> > Do others who are having problems with the KB891711 Windows Update
> > also have running the Spybot Search and Destroy Teatimer? I ask
> > because we're trying to put together all the commonalities of systems
> > having KB891711 problems.
> >
> > In the Spybot S&D forum on their site, they're talking about it, too.
> > A Spybot advisor says, "I'm guessing Spybot's Teatimer may be
> > interacting with the installation of this update and causing its
> > completion to fail. However, this is pure speculation at this point
> > since I've done no research to confirm this yet. I recommend anyone
> > with this problem simply disable the registry entry from running, as
> > you have, until the actual problem is confirmed and a true 'fix' is
> > recommended, either by Microsoft or someone who's truly investigated
> > the issue. "
> >
> > Beth
>
>

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

May I report that I've just heard from MVP Jim Eshelman about the KB891711
problem.
He is unable to offer anything new to our discussion.
His recommendation is to disable or uninstall the update until MS offers a
new fix.
He seems to think the problem is restricted to Win9X machines, but I think
some W2K boxes have been hit, too.
I have no idea yet what the cause may be, despite several earlier promising
suggestions.
--
Jack E. Martinelli 2002-05 MS MVP for Shell/User / DTS
Help us help you: http://www.dts-L.org/goodpost.htm

http://www.microsoft.com/athome/security/protect/default.aspx
In Memorium: Alex Nichol
http://www.microsoft.com/windowsxp/expertzone/meetexperts/nichol.mspx
Your cooperation is very appreciated.
------
"Jack E Martinelli" <jemartin_DELETE@NO_SPAM_gis.net> wrote in message
news:O3yQA$VKFHA.3640@TK2MSFTNGP12.phx.gbl...

<SNIP>

 

[Elizabeth]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

I wrote that post you're referring to (which said it's not Teatimer
and maybe it's dialup) before I read that others not on dialup are
having trouble, too.

Beth

On Mon, 14 Mar 2005 22:57:56 -0500, "glee" <glee29@spamindspring.com>
wrote:

>How do you get from "TeaTimer" to "Dial-up" as the supposed problem? I am seeing
>issues with KB891711 on machines that are on broadband, with none of the software
>being mentioned in this and other forums as supposedly responsible for the issues.

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Ah, I see. I also found the earlier thread on this subject which you were involved
in. This update is really causing some people a lot of problems, isn't it!
--
Glen Ventura, MS MVP Shell/User, A+
~ In memory of our friend, MVP Alex Nichol ~
http://aumha.org/alex.htm
http://dts-l.org/goodpost.htm

"Elizabeth" <bethvollbach@earthlink.deletethis.net> wrote in message
news:hk5e31d893itl02n8r1uq4kp4ogkcdfiph@4ax.com...
> I wrote that post you're referring to (which said it's not Teatimer
> and maybe it's dialup) before I read that others not on dialup are
> having trouble, too.
>
> Beth
>
> On Mon, 14 Mar 2005 22:57:56 -0500, "glee" <glee29@spamindspring.com>
> wrote:
>
> >How do you get from "TeaTimer" to "Dial-up" as the supposed problem? I am seeing
> >issues with KB891711 on machines that are on broadband, with none of the software
> >being mentioned in this and other forums as supposedly responsible for the
issues.
>

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

But one thing is certain. It's KB891711.exe's fault & MS is diligently
are working on a fix. Right?

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcrrcp@netzero.net
"Jack E Martinelli" <jemartin_DELETE@NO_SPAM_gis.net> wrote in message
news:e29w4sZKFHA.1812@TK2MSFTNGP15.phx.gbl...
| May I report that I've just heard from MVP Jim Eshelman about the
KB891711
| problem.
| He is unable to offer anything new to our discussion.
| His recommendation is to disable or uninstall the update until MS
offers a
| new fix.
| He seems to think the problem is restricted to Win9X machines, but I
think
| some W2K boxes have been hit, too.
| I have no idea yet what the cause may be, despite several earlier
promising
| suggestions.
| --
| Jack E. Martinelli 2002-05 MS MVP for Shell/User / DTS
| Help us help you: http://www.dts-L.org/goodpost.htm
|
| http://www.microsoft.com/athome/security/protect/default.aspx
| In Memorium: Alex Nichol
| http://www.microsoft.com/windowsxp/expertzone/meetexperts/nichol.mspx
| Your cooperation is very appreciated.
| ------
| "Jack E Martinelli" <jemartin_DELETE@NO_SPAM_gis.net> wrote in message
| news:O3yQA$VKFHA.3640@TK2MSFTNGP12.phx.gbl...
|
| <SNIP>
|
|

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Nope, you're buckin responsibility here. You decided to take it, so it's
your fault!

PCR wrote:
> But one thing is certain. It's KB891711.exe's fault & MS is diligently
> are working on a fix. Right?

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

"Diligently at work", I meant. Better re-read it, now, Colorado!

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcrrcp@netzero.net
"Bill in Co." <someone@earthlink.net> wrote in message
news:O6YOcSeKFHA.1620@TK2MSFTNGP14.phx.gbl...
| Nope, you're buckin responsibility here. You decided to take it, so
it's
| your fault!
|
| PCR wrote:
| > But one thing is certain. It's KB891711.exe's fault & MS is
diligently
| > are working on a fix. Right?
|
|

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

That doesn't change it. You have to look within, grasshopper! (YOU
took it).

PCR wrote:
> "Diligently at work", I meant. Better re-read it, now, Colorado!
>
> --
> Thanks or Good Luck,
> There may be humor in this post, and,
> Naturally, you will not sue,
> should things get worse after this,
> PCR
> pcrrcp@netzero.net
> "Bill in Co." <someone@earthlink.net> wrote in message
> news:O6YOcSeKFHA.1620@TK2MSFTNGP14.phx.gbl...
>> Nope, you're buckin responsibility here. You decided to take it, so
it's
>> your fault!
>>
>> PCR wrote:
>>> But one thing is certain. It's KB891711.exe's fault & MS is diligently
>>> are working on a fix. Right?

 

[vinCe]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

On Wed, 16 Mar 2005 00:40:30 -0500, "PCR" <pcrrcp@netzero.net> wrote:

>http://www.microsoft.com/technet/Security/bulletin/ms05-002.mspx
>.......Quote...........
>Vulnerability Details
>Cursor and Icon Format Handling Vulnerability - CAN-2004-1049:
>
>A remote code execution vulnerability exists in the way that cursor,
>animated cursor, and icon formats are handled. An attacker could try to
>exploit the vulnerability by constructing a malicious cursor or icon
>file that could potentially allow remote code execution if a user
>visited a malicious Web site or viewed a malicious e-mail message. An
>attacker who successfully exploited this vulnerability could take
>complete control of an affected system.
>.......EOQ.............

Combine a kernel vulnerability that can result in an 0wned box and the
DNS cache poisoning that is starting to happen and it looks like a
seamless, transparent route to disaster. Which may explain why MSFT
issued a less than perfect method of handling the Cursor and Icon
Format Handling Vulnerability in Win98(SE)/ME.

more on DNS cache poisoning
http://isc.sans.org/diary.php?date=2005-03-04
http://isc.sans.org/diary.php?date=2005-03-05
http://isc.sans.org/diary.php?date=2005-03-07
http://isc.sans.org/diary.php?date=2005-03-13

And for those that aren't following along in the windowsme.general
newsgroup, there's some pretty damning evidence the KB891711 problems
are a video driver issue.
news:MPG.1ca12b625e96799298a6cf@msnews.microsoft.com

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

3/16/2005 9:16 AM
The latest development in the ...windowsme.general ng is that the KB891711
problem appears to be related to the video adapter / driver.
N. Miller (Norman) has two (nearly) identical machines, one only exhibiting
the problem, which has made it possible to narrow the cause (tentatively) to
the video driver.
See threads with "891711" in the Subject field.
--
Jack E. Martinelli 2002-05 MS MVP for Shell/User / DTS
Help us help you: http://www.dts-L.org/goodpost.htm

http://www.microsoft.com/athome/security/protect/default.aspx
In Memorium: Alex Nichol
http://www.microsoft.com/windowsxp/expertzone/meetexperts/nichol.mspx
Your cooperation is very appreciated.
------
"Jack E Martinelli" <jemartin_DELETE@NO_SPAM_gis.net> wrote in message
news:e29w4sZKFHA.1812@TK2MSFTNGP15.phx.gbl...
> May I report that I've just heard from MVP Jim Eshelman about the KB891711
> problem.
> He is unable to offer anything new to our discussion.
> His recommendation is to disable or uninstall the update until MS offers a
> new fix.
> He seems to think the problem is restricted to Win9X machines, but I think
> some W2K boxes have been hit, too.
> I have no idea yet what the cause may be, despite several earlier
promising
> suggestions.
> --
> Jack E. Martinelli 2002-05 MS MVP for Shell/User / DTS
> Help us help you: http://www.dts-L.org/goodpost.htm
>
> http://www.microsoft.com/athome/security/protect/default.aspx
> In Memorium: Alex Nichol
> http://www.microsoft.com/windowsxp/expertzone/meetexperts/nichol.mspx
> Your cooperation is very appreciated.
> ------
> "Jack E Martinelli" <jemartin_DELETE@NO_SPAM_gis.net> wrote in message
> news:O3yQA$VKFHA.3640@TK2MSFTNGP12.phx.gbl...
>
> <SNIP>
>
>

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

I guess I may click some of those, but I'm already convinced of the
horrific nature of this vulnerability. Thanks.


--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcrrcp@netzero.net
"Vince" <nobody@home.invalid> wrote in message
news:iphg315h6dslh6d0ihcqdl43b82vqnm3sa@4ax.com...
| On Wed, 16 Mar 2005 00:40:30 -0500, "PCR" <pcrrcp@netzero.net> wrote:
|
| >http://www.microsoft.com/technet/Security/bulletin/ms05-002.mspx
| >.......Quote...........
| >Vulnerability Details
| >Cursor and Icon Format Handling Vulnerability - CAN-2004-1049:
| >
| >A remote code execution vulnerability exists in the way that cursor,
| >animated cursor, and icon formats are handled. An attacker could try
to
| >exploit the vulnerability by constructing a malicious cursor or icon
| >file that could potentially allow remote code execution if a user
| >visited a malicious Web site or viewed a malicious e-mail message. An
| >attacker who successfully exploited this vulnerability could take
| >complete control of an affected system.
| >.......EOQ.............
|
| Combine a kernel vulnerability that can result in an 0wned box and the
| DNS cache poisoning that is starting to happen and it looks like a
| seamless, transparent route to disaster. Which may explain why MSFT
| issued a less than perfect method of handling the Cursor and Icon
| Format Handling Vulnerability in Win98(SE)/ME.
|
| more on DNS cache poisoning
| http://isc.sans.org/diary.php?date=2005-03-04
| http://isc.sans.org/diary.php?date=2005-03-05
| http://isc.sans.org/diary.php?date=2005-03-07
| http://isc.sans.org/diary.php?date=2005-03-13
|
| And for those that aren't following along in the windowsme.general
| newsgroup, there's some pretty damning evidence the KB891711 problems
| are a video driver issue.
| news:MPG.1ca12b625e96799298a6cf@msnews.microsoft.com

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Go click away. I have you in my prayers. Plus you have my
condolences.

PCR wrote:
> I guess I may click some of those, but I'm already convinced of the
> horrific nature of this vulnerability. Thanks.
>
>
> --
> Thanks or Good Luck,
> There may be humor in this post, and,
> Naturally, you will not sue,
> should things get worse after this,
> PCR
> pcrrcp@netzero.net
> "Vince" <nobody@home.invalid> wrote in message
> news:iphg315h6dslh6d0ihcqdl43b82vqnm3sa@4ax.com...
>> On Wed, 16 Mar 2005 00:40:30 -0500, "PCR" <pcrrcp@netzero.net> wrote:
>>
>>> http://www.microsoft.com/technet/Security/bulletin/ms05-002.mspx
>>> .......Quote...........
>>> Vulnerability Details
>>> Cursor and Icon Format Handling Vulnerability - CAN-2004-1049:
>>>
>>> A remote code execution vulnerability exists in the way that cursor,
>>> animated cursor, and icon formats are handled. An attacker could try to
>>> exploit the vulnerability by constructing a malicious cursor or icon
>>> file that could potentially allow remote code execution if a user
>>> visited a malicious Web site or viewed a malicious e-mail message. An
>>> attacker who successfully exploited this vulnerability could take
>>> complete control of an affected system.
>>> .......EOQ.............
>>
>> Combine a kernel vulnerability that can result in an 0wned box and the
>> DNS cache poisoning that is starting to happen and it looks like a
>> seamless, transparent route to disaster. Which may explain why MSFT
>> issued a less than perfect method of handling the Cursor and Icon
>> Format Handling Vulnerability in Win98(SE)/ME.
>>
>> more on DNS cache poisoning
>> http://isc.sans.org/diary.php?date=2005-03-04
>> http://isc.sans.org/diary.php?date=2005-03-05
>> http://isc.sans.org/diary.php?date=2005-03-07
>> http://isc.sans.org/diary.php?date=2005-03-13
>>
>> And for those that aren't following along in the windowsme.general
>> newsgroup, there's some pretty damning evidence the KB891711 problems
>> are a video driver issue.
>> news:MPG.1ca12b625e96799298a6cf@msnews.microsoft.com

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

I'm anxious to see whether a functioning KB891711.exe will stop my
NetZero stealth installs. But it will have to FUNCTION first!

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcrrcp@netzero.net
"Bill in Co." <someone@earthlink.net> wrote in message
news:eNLmOGrKFHA.3064@TK2MSFTNGP12.phx.gbl...
| "the only fear we have is ...."
|
| Have fun with it.
|
| When you *finally* get done with all the WU snafus, I'll catch ya on
the
| other side.
|
| PCR wrote:
....snip

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Why don't ya just hang it up, and join me in Serenity? It's a lot less
stressful.

PCR wrote:
> I'm anxious to see whether a functioning KB891711.exe will stop my
> NetZero stealth installs. But it will have to FUNCTION first!
>
> --
> Thanks or Good Luck,
> There may be humor in this post, and,
> Naturally, you will not sue,
> should things get worse after this,
> PCR
> pcrrcp@netzero.net
> "Bill in Co." <someone@earthlink.net> wrote in message
> news:eNLmOGrKFHA.3064@TK2MSFTNGP12.phx.gbl...
>> "the only fear we have is ...."
>>
>> Have fun with it.
>>
>> When you *finally* get done with all the WU snafus, I'll catch ya on the
>> other side.
>>
>> PCR wrote:
> ...snip

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Thanks.

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcrrcp@netzero.net
"Bill in Co." <someone@earthlink.net> wrote in message
news:%23TGTAHrKFHA.440@TK2MSFTNGP10.phx.gbl...
| Go click away. I have you in my prayers. Plus you have my
| condolences.
|
| PCR wrote:
| > I guess I may click some of those, but I'm already convinced of the
| > horrific nature of this vulnerability. Thanks.
| >
| >
| > --
| > Thanks or Good Luck,
| > There may be humor in this post, and,
| > Naturally, you will not sue,
| > should things get worse after this,
| > PCR
| > pcrrcp@netzero.net
| > "Vince" <nobody@home.invalid> wrote in message
| > news:iphg315h6dslh6d0ihcqdl43b82vqnm3sa@4ax.com...
| >> On Wed, 16 Mar 2005 00:40:30 -0500, "PCR" <pcrrcp@netzero.net>
wrote:
| >>
| >>> http://www.microsoft.com/technet/Security/bulletin/ms05-002.mspx
| >>> .......Quote...........
| >>> Vulnerability Details
| >>> Cursor and Icon Format Handling Vulnerability - CAN-2004-1049:
| >>>
| >>> A remote code execution vulnerability exists in the way that
cursor,
| >>> animated cursor, and icon formats are handled. An attacker could
try to
| >>> exploit the vulnerability by constructing a malicious cursor or
icon
| >>> file that could potentially allow remote code execution if a user
| >>> visited a malicious Web site or viewed a malicious e-mail message.
An
| >>> attacker who successfully exploited this vulnerability could take
| >>> complete control of an affected system.
| >>> .......EOQ.............
| >>
| >> Combine a kernel vulnerability that can result in an 0wned box and
the
| >> DNS cache poisoning that is starting to happen and it looks like a
| >> seamless, transparent route to disaster. Which may explain why
MSFT
| >> issued a less than perfect method of handling the Cursor and Icon
| >> Format Handling Vulnerability in Win98(SE)/ME.
| >>
| >> more on DNS cache poisoning
| >> http://isc.sans.org/diary.php?date=2005-03-04
| >> http://isc.sans.org/diary.php?date=2005-03-05
| >> http://isc.sans.org/diary.php?date=2005-03-07
| >> http://isc.sans.org/diary.php?date=2005-03-13
| >>
| >> And for those that aren't following along in the windowsme.general
| >> newsgroup, there's some pretty damning evidence the KB891711
problems
| >> are a video driver issue.
| >> news:MPG.1ca12b625e96799298a6cf@msnews.microsoft.com
|
|

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Serenity now. SERENITY NOW.

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcrrcp@netzero.net
"Bill in Co." <someone@earthlink.net> wrote in message news:%23QlGWgsKFHA.3332@TK2MSFTNGP15.phx.gbl...
| Why don't ya just hang it up, and join me in Serenity? It's a lot less
| stressful.
|
| PCR wrote:
| > I'm anxious to see whether a functioning KB891711.exe will stop my
| > NetZero stealth installs. But it will have to FUNCTION first!
| >
| > --
| > Thanks or Good Luck,
| > There may be humor in this post, and,
| > Naturally, you will not sue,
| > should things get worse after this,
| > PCR
| > pcrrcp@netzero.net
| > "Bill in Co." <someone@earthlink.net> wrote in message
| > news:eNLmOGrKFHA.3064@TK2MSFTNGP12.phx.gbl...
| >> "the only fear we have is ...."
| >>
| >> Have fun with it.
| >>
| >> When you *finally* get done with all the WU snafus, I'll catch ya on the
| >> other side.
| >>
| >> PCR wrote:
| > ...snip
|
|