Security Update for JView Profiler KB903235

G

Guest

Guest
Archived from groups: microsoft.public.win98.gen_discussion (More info?)

I had taken note on 7/19/05 of this critical update, which I was going
to update later on. Today this critical update is no longer at the
Windows Update site. Checked my installed updates, in case I had
updated it but forgot about it, but the update is no longer there.

Below is the note I had written down:

Security Update for JView Profiler (KB903235), 105 kb.
MS05-037
Issued: July 12, 2005
Version: 1.0
JView Profiler (Javaprxy.dll)
This update sets the "kill Bit" for JView Profiler (Javaprxy.dll).

My question: Is this ciritcal update for Windows 98 SE, and if so,
where can it be updated from?

Thanks to all for your help.
 
G

Guest

Guest
Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Not sure what's up with the update, I'm checking into that. However, the
update performs a relatively simple registry hack that you can do yourself.
Note the following paragraph from MS05-037 (the pertaining Security
Bulletin):

------------------------------------------------------
Does this update contain any changes to functionality?
No. Since the JView Profiler COM object was not designed to be accessed
through Internet Explorer, this update sets the kill bit for the JView
Profiler (Javaprxy.dll) COM object. To help protect customers who have this
object installed, this update prevents it from being instantiated in
Internet Explorer. For more information about kill bits, see Microsoft
Knowledge Base Article 240797. The class identifier (CLSID) for this object
is '03D9F3F2-B0E3-11D2-B081-006008039BF0'.
------------------------------------------------------

In short: Open REGEDIT and navigate to HKLM\Software\Internet
Explorer\ActiveX Compatibility. Look at the CLSID keys under that for a key
named "03D9F3F2-B0E3-11D2-B081-006008039BF0'" If that key doesn't exist,
create it. In that key, create a new DWORD named "Compatibility Flags", make
the value 400.

Should result in a value that looks like this: 0x000000400 (1024)

--
Gary S. Terhune
MS-MVP Shell/User


"Just me" <Justme489@myLink.com> wrote in message
news:5ltbg1l8a3i1dra4adsip58cofhobrpslq@4ax.com...
>I had taken note on 7/19/05 of this critical update, which I was going
> to update later on. Today this critical update is no longer at the
> Windows Update site. Checked my installed updates, in case I had
> updated it but forgot about it, but the update is no longer there.
>
> Below is the note I had written down:
>
> Security Update for JView Profiler (KB903235), 105 kb.
> MS05-037
> Issued: July 12, 2005
> Version: 1.0
> JView Profiler (Javaprxy.dll)
> This update sets the "kill Bit" for JView Profiler (Javaprxy.dll).
>
> My question: Is this ciritcal update for Windows 98 SE, and if so,
> where can it be updated from?
>
> Thanks to all for your help.
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win98.gen_discussion (More info?)

| In short: Open REGEDIT and navigate to HKLM\Software\Internet
| Explorer\ActiveX Compatibility.

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX
Compatibility\{03D9F3F2-B0E3-11D2-B081-006008039BF0}
Compatibility Flags 0x00000400 (1024) <<DWORD Value

Without "Microsoft", all is lost.


--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcrrcp@netzero.net
"Gary S. Terhune" <grystnews@mvps.org> wrote in message
news:ukeOlKOpFHA.3408@tk2msftngp13.phx.gbl...
| Not sure what's up with the update, I'm checking into that. However,
the
| update performs a relatively simple registry hack that you can do
yourself.
| Note the following paragraph from MS05-037 (the pertaining Security
| Bulletin):
|
| ------------------------------------------------------
| Does this update contain any changes to functionality?
| No. Since the JView Profiler COM object was not designed to be
accessed
| through Internet Explorer, this update sets the kill bit for the JView
| Profiler (Javaprxy.dll) COM object. To help protect customers who have
this
| object installed, this update prevents it from being instantiated in
| Internet Explorer. For more information about kill bits, see Microsoft
| Knowledge Base Article 240797. The class identifier (CLSID) for this
object
| is '03D9F3F2-B0E3-11D2-B081-006008039BF0'.
| ------------------------------------------------------
|
| In short: Open REGEDIT and navigate to HKLM\Software\Internet
| Explorer\ActiveX Compatibility. Look at the CLSID keys under that for
a key
| named "03D9F3F2-B0E3-11D2-B081-006008039BF0'" If that key doesn't
exist,
| create it. In that key, create a new DWORD named "Compatibility
Flags", make
| the value 400.
|
| Should result in a value that looks like this: 0x000000400 (1024)
|
| --
| Gary S. Terhune
| MS-MVP Shell/User
|
|
| "Just me" <Justme489@myLink.com> wrote in message
| news:5ltbg1l8a3i1dra4adsip58cofhobrpslq@4ax.com...
| >I had taken note on 7/19/05 of this critical update, which I was
going
| > to update later on. Today this critical update is no longer at the
| > Windows Update site. Checked my installed updates, in case I had
| > updated it but forgot about it, but the update is no longer there.
| >
| > Below is the note I had written down:
| >
| > Security Update for JView Profiler (KB903235), 105 kb.
| > MS05-037
| > Issued: July 12, 2005
| > Version: 1.0
| > JView Profiler (Javaprxy.dll)
| > This update sets the "kill Bit" for JView Profiler (Javaprxy.dll).
| >
| > My question: Is this ciritcal update for Windows 98 SE, and if so,
| > where can it be updated from?
| >
| > Thanks to all for your help.
| >
| >
|
|
 
G

Guest

Guest
Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Thanks, PCR. Been looking at too much Registry stuff this morning. Eyes
started getting blurry.

--
Gary S. Terhune
MS-MVP Shell/User

"PCR" <pcrrcp@netzero.net> wrote in message
news:uMII9SPpFHA.320@TK2MSFTNGP09.phx.gbl...
>| In short: Open REGEDIT and navigate to HKLM\Software\Internet
> | Explorer\ActiveX Compatibility.
>
> HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX
> Compatibility\{03D9F3F2-B0E3-11D2-B081-006008039BF0}
> Compatibility Flags 0x00000400 (1024) <<DWORD Value
>
> Without "Microsoft", all is lost.
>
>
> --
> Thanks or Good Luck,
> There may be humor in this post, and,
> Naturally, you will not sue,
> should things get worse after this,
> PCR
> pcrrcp@netzero.net
> "Gary S. Terhune" <grystnews@mvps.org> wrote in message
> news:ukeOlKOpFHA.3408@tk2msftngp13.phx.gbl...
> | Not sure what's up with the update, I'm checking into that. However,
> the
> | update performs a relatively simple registry hack that you can do
> yourself.
> | Note the following paragraph from MS05-037 (the pertaining Security
> | Bulletin):
> |
> | ------------------------------------------------------
> | Does this update contain any changes to functionality?
> | No. Since the JView Profiler COM object was not designed to be
> accessed
> | through Internet Explorer, this update sets the kill bit for the JView
> | Profiler (Javaprxy.dll) COM object. To help protect customers who have
> this
> | object installed, this update prevents it from being instantiated in
> | Internet Explorer. For more information about kill bits, see Microsoft
> | Knowledge Base Article 240797. The class identifier (CLSID) for this
> object
> | is '03D9F3F2-B0E3-11D2-B081-006008039BF0'.
> | ------------------------------------------------------
> |
> | In short: Open REGEDIT and navigate to HKLM\Software\Internet
> | Explorer\ActiveX Compatibility. Look at the CLSID keys under that for
> a key
> | named "03D9F3F2-B0E3-11D2-B081-006008039BF0'" If that key doesn't
> exist,
> | create it. In that key, create a new DWORD named "Compatibility
> Flags", make
> | the value 400.
> |
> | Should result in a value that looks like this: 0x000000400 (1024)
> |
> | --
> | Gary S. Terhune
> | MS-MVP Shell/User
> |
> |
> | "Just me" <Justme489@myLink.com> wrote in message
> | news:5ltbg1l8a3i1dra4adsip58cofhobrpslq@4ax.com...
> | >I had taken note on 7/19/05 of this critical update, which I was
> going
> | > to update later on. Today this critical update is no longer at the
> | > Windows Update site. Checked my installed updates, in case I had
> | > updated it but forgot about it, but the update is no longer there.
> | >
> | > Below is the note I had written down:
> | >
> | > Security Update for JView Profiler (KB903235), 105 kb.
> | > MS05-037
> | > Issued: July 12, 2005
> | > Version: 1.0
> | > JView Profiler (Javaprxy.dll)
> | > This update sets the "kill Bit" for JView Profiler (Javaprxy.dll).
> | >
> | > My question: Is this ciritcal update for Windows 98 SE, and if so,
> | > where can it be updated from?
> | >
> | > Thanks to all for your help.
> | >
> | >
> |
> |
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win98.gen_discussion (More info?)

If you actually have it, it will show up at...

(1) IE6, Help, About...
SP1, Q313829, Q328970, Q328389, Q324929, Q810847, Q813951, Q816506,
Q813489, Q330994, Q818529, Q822925, Q828750, Q824145, Q832894,
Q837009, Q831167, Q823353, Q867801, Q833989, Q834707, Q889293, Q867282,
Q891781, Q890923, Q883939, Q903235, & Q896727.

(2) "Control Panel, Add/Remove Programs"...
(a) Internet Explorer Q896727
(was Q883939, Q890923, Q891781, Q889293, Q834707, Q867801,
Q831167, Q832894, Q824145, Q828750, Q822925, Q818529)
(b) Internet Explorer Q903235 (was Q883939).

I took it when offered. Now, I cannot even see it in the Catalog...
http://v4.windowsupdate.microsoft.com/catalog/en/default.asp
....but, go look for yourself.

Here it is from my WU folder. (I take them into there, although I always
let the site do it's auto-download/install.)...
http://www.microsoft.com/technet/security/Bulletin/MS05-037.mspx
....BUT looks like it says you must get it from the Windows Update site.

I think this is the Registry key Terhune means to say...

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX
Compatibility\{03D9F3F2-B0E3-11D2-B081-006008039BF0}
Compatibility Flags 0x00000400 (1024) <<DWORD Value

....Do you have it?


--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcrrcp@netzero.net
"Just me" <Justme489@myLink.com> wrote in message
news:5ltbg1l8a3i1dra4adsip58cofhobrpslq@4ax.com...
| I had taken note on 7/19/05 of this critical update, which I was going
| to update later on. Today this critical update is no longer at the
| Windows Update site. Checked my installed updates, in case I had
| updated it but forgot about it, but the update is no longer there.
|
| Below is the note I had written down:
|
| Security Update for JView Profiler (KB903235), 105 kb.
| MS05-037
| Issued: July 12, 2005
| Version: 1.0
| JView Profiler (Javaprxy.dll)
| This update sets the "kill Bit" for JView Profiler (Javaprxy.dll).
|
| My question: Is this ciritcal update for Windows 98 SE, and if so,
| where can it be updated from?
|
| Thanks to all for your help.
|
|
 
G

Guest

Guest
Archived from groups: microsoft.public.win98.gen_discussion (More info?)

It looks like to me you can download it here as per:

System Requirements
This update applies to Internet Explorer 6 Service Pack 1 (SP1) with the
following operating systems:
Windows XP SP1
Windows 2000 SP4
Windows 98
Windows 98SE
Windows Millennium
http://www.microsoft.com/downloads/details.aspx?familyid=2A506C16-01EF-4060-BCF8-6993C55840A9&displaylang=en

Rick



Just me wrote:
> I had taken note on 7/19/05 of this critical update, which I was going
> to update later on. Today this critical update is no longer at the
> Windows Update site. Checked my installed updates, in case I had
> updated it but forgot about it, but the update is no longer there.
>
> Below is the note I had written down:
>
> Security Update for JView Profiler (KB903235), 105 kb.
> MS05-037
> Issued: July 12, 2005
> Version: 1.0
> JView Profiler (Javaprxy.dll)
> This update sets the "kill Bit" for JView Profiler (Javaprxy.dll).
>
> My question: Is this ciritcal update for Windows 98 SE, and if so,
> where can it be updated from?
>
> Thanks to all for your help.
 
G

Guest

Guest
Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Ah, the reason why they pulled it as I look through my software install
tracker history is that this last W98SE - MS05-038 896727 Cumulative
Security Update for IE6 also sets that:
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX
Compatibility\{03D9F3F2-B0E3-11D2-B081-006008039BF0}
Compatibility Flags 0x00000400 (1024) <<DWORD Value
already, along with "48" other ActiveX Compatibility keys too!
....anyway, I imagine the new IE supercedes that KB903235 and so is why
they pulled it.

Rick


Rick Chauvin wrote:
> It looks like to me you can download it here as per:
>
> System Requirements
> This update applies to Internet Explorer 6 Service Pack 1 (SP1) with the
> following operating systems:
> Windows XP SP1
> Windows 2000 SP4
> Windows 98
> Windows 98SE
> Windows Millennium
>
http://www.microsoft.com/downloads/details.aspx?familyid=2A506C16-01EF-4060-BCF8-6993C55840A9&displaylang=en
>
> Rick
>
>
>
> Just me wrote:
>> I had taken note on 7/19/05 of this critical update, which I was going
>> to update later on. Today this critical update is no longer at the
>> Windows Update site. Checked my installed updates, in case I had
>> updated it but forgot about it, but the update is no longer there.
>>
>> Below is the note I had written down:
>>
>> Security Update for JView Profiler (KB903235), 105 kb.
>> MS05-037
>> Issued: July 12, 2005
>> Version: 1.0
>> JView Profiler (Javaprxy.dll)
>> This update sets the "kill Bit" for JView Profiler (Javaprxy.dll).
>>
>> My question: Is this ciritcal update for Windows 98 SE, and if so,
>> where can it be updated from?
>>
>> Thanks to all for your help.
 
G

Guest

Guest
Archived from groups: microsoft.public.win98.gen_discussion (More info?)

You are welcome. Well, you did say "in short", after all, which I guess
did cover it.


--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcrrcp@netzero.net
"Gary S. Terhune" <grystnews@mvps.org> wrote in message
news:eBEAklPpFHA.1204@TK2MSFTNGP12.phx.gbl...
| Thanks, PCR. Been looking at too much Registry stuff this morning.
Eyes
| started getting blurry.
|
| --
| Gary S. Terhune
| MS-MVP Shell/User
|
| "PCR" <pcrrcp@netzero.net> wrote in message
| news:uMII9SPpFHA.320@TK2MSFTNGP09.phx.gbl...
....snip
 
G

Guest

Guest
Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Seems like that should explain it. But Just me can't find that CLSID in
his Registry...
03D9F3F2-B0E3-11D2-B081-006008039BF0

I'm beginning to wonder. What about the following? It doesn't come in
with the kill bit, does it...?...

REGEDIT4

[HKEY_CLASSES_ROOT\CLSID\{03D9F3F2-B0E3-11D2-B081-006008039BF0}]
@="JVIEW Profiler"

[HKEY_CLASSES_ROOT\CLSID\{03D9F3F2-B0E3-11D2-B081-006008039BF0}\InprocSe
rver32]
@="C:\\WINDOWS\\SYSTEM\\JAVAPRXY.DLL"
"ThreadingModel"="Both"


--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcrrcp@netzero.net
"Rick Chauvin" <justask@nospamz.com> wrote in message
news:Os$vDNQpFHA.320@TK2MSFTNGP09.phx.gbl...
| Ah, the reason why they pulled it as I look through my software
install
| tracker history is that this last W98SE - MS05-038 896727 Cumulative
| Security Update for IE6 also sets that:
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX
| Compatibility\{03D9F3F2-B0E3-11D2-B081-006008039BF0}
| Compatibility Flags 0x00000400 (1024) <<DWORD Value
| already, along with "48" other ActiveX Compatibility keys too!
| ...anyway, I imagine the new IE supercedes that KB903235 and so is
why
| they pulled it.
|
| Rick
|
|
| Rick Chauvin wrote:
| > It looks like to me you can download it here as per:
| >
| > System Requirements
| > This update applies to Internet Explorer 6 Service Pack 1 (SP1) with
the
| > following operating systems:
| > Windows XP SP1
| > Windows 2000 SP4
| > Windows 98
| > Windows 98SE
| > Windows Millennium
| >
|
http://www.microsoft.com/downloads/details.aspx?familyid=2A506C16-01EF-4060-BCF8-6993C55840A9&displaylang=en
| >
| > Rick
| >
| >
| >
| > Just me wrote:
| >> I had taken note on 7/19/05 of this critical update, which I was
going
| >> to update later on. Today this critical update is no longer at the
| >> Windows Update site. Checked my installed updates, in case I had
| >> updated it but forgot about it, but the update is no longer there.
| >>
| >> Below is the note I had written down:
| >>
| >> Security Update for JView Profiler (KB903235), 105 kb.
| >> MS05-037
| >> Issued: July 12, 2005
| >> Version: 1.0
| >> JView Profiler (Javaprxy.dll)
| >> This update sets the "kill Bit" for JView Profiler (Javaprxy.dll).
| >>
| >> My question: Is this ciritcal update for Windows 98 SE, and if so,
| >> where can it be updated from?
| >>
| >> Thanks to all for your help.
|
|
|
 
G

Guest

Guest
Archived from groups: microsoft.public.win98.gen_discussion (More info?)

| Seems like that should explain it. But Just me can't find that CLSID
in
| his Registry...
| 03D9F3F2-B0E3-11D2-B081-006008039BF0

He may have attached a single quote to the end of that CLSID causing the
search to fail. In that case, perhaps the MS05-038 896727 Cumulative
really did give it to him.


--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcrrcp@netzero.net
"PCR" <pcrrcp@netzero.net> wrote in message
news:uferskRpFHA.1480@TK2MSFTNGP10.phx.gbl...
| Seems like that should explain it. But Just me can't find that CLSID
in
| his Registry...
| 03D9F3F2-B0E3-11D2-B081-006008039BF0
|
| I'm beginning to wonder. What about the following? It doesn't come in
| with the kill bit, does it...?...
|
| REGEDIT4
|
| [HKEY_CLASSES_ROOT\CLSID\{03D9F3F2-B0E3-11D2-B081-006008039BF0}]
| @="JVIEW Profiler"
|
|
[HKEY_CLASSES_ROOT\CLSID\{03D9F3F2-B0E3-11D2-B081-006008039BF0}\InprocSe
| rver32]
| @="C:\\WINDOWS\\SYSTEM\\JAVAPRXY.DLL"
| "ThreadingModel"="Both"
|
|
| --
| Thanks or Good Luck,
| There may be humor in this post, and,
| Naturally, you will not sue,
| should things get worse after this,
| PCR
| pcrrcp@netzero.net
| "Rick Chauvin" <justask@nospamz.com> wrote in message
| news:Os$vDNQpFHA.320@TK2MSFTNGP09.phx.gbl...
| | Ah, the reason why they pulled it as I look through my software
| install
| | tracker history is that this last W98SE - MS05-038 896727 Cumulative
| | Security Update for IE6 also sets that:
| | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX
| | Compatibility\{03D9F3F2-B0E3-11D2-B081-006008039BF0}
| | Compatibility Flags 0x00000400 (1024) <<DWORD Value
| | already, along with "48" other ActiveX Compatibility keys too!
| | ...anyway, I imagine the new IE supercedes that KB903235 and so is
| why
| | they pulled it.
| |
| | Rick
| |
| |
| | Rick Chauvin wrote:
| | > It looks like to me you can download it here as per:
| | >
| | > System Requirements
| | > This update applies to Internet Explorer 6 Service Pack 1 (SP1)
with
| the
| | > following operating systems:
| | > Windows XP SP1
| | > Windows 2000 SP4
| | > Windows 98
| | > Windows 98SE
| | > Windows Millennium
| | >
| |
|
http://www.microsoft.com/downloads/details.aspx?familyid=2A506C16-01EF-4060-BCF8-6993C55840A9&displaylang=en
| | >
| | > Rick
| | >
| | >
| | >
| | > Just me wrote:
| | >> I had taken note on 7/19/05 of this critical update, which I was
| going
| | >> to update later on. Today this critical update is no longer at
the
| | >> Windows Update site. Checked my installed updates, in case I had
| | >> updated it but forgot about it, but the update is no longer
there.
| | >>
| | >> Below is the note I had written down:
| | >>
| | >> Security Update for JView Profiler (KB903235), 105 kb.
| | >> MS05-037
| | >> Issued: July 12, 2005
| | >> Version: 1.0
| | >> JView Profiler (Javaprxy.dll)
| | >> This update sets the "kill Bit" for JView Profiler
(Javaprxy.dll).
| | >>
| | >> My question: Is this ciritcal update for Windows 98 SE, and if
so,
| | >> where can it be updated from?
| | >>
| | >> Thanks to all for your help.
| |
| |
| |
|
|
 
G

Guest

Guest
Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Thanks for responding, Gary.

I'm using Windows 98SE with IE SP2 and now I'm not sure whether it
applies to me. But a month ago I'm sure I saw the update at the
Windows Update site as applying to me. I had made a note of it for a
later update. Today, however, the update was no longer there implying,
to me, that I may not need it afterall.

Below is what MS05-037 says under "Affected Components" at
http://www.microsoft.com/technet/security/bulletin/ms05-037.mspx
It reads in part:

"Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Millennium
Edition -- Review the FAQ section of this bulletin for details about
these operating systems."

"Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, on
Microsoft Windows 98 SE or on Microsoft Windows Millennium Edition
Review the FAQ section of this bulletin for details about these
operating systems."

From the above, seems that I may not need the update since I'm using
Win 98 SE with IE5.5. Am I correct in this?

I have all of the critical updates except the above and the Security
Update 891711 (MS05-002), which I've read that this latter may create
problems.

Again, thanks for responding.

John






On Fri, 19 Aug 2005 10:22:57 -0700, "Gary S. Terhune"
<grystnews@mvps.org> wrote:

>Not sure what's up with the update, I'm checking into that. However, the
>update performs a relatively simple registry hack that you can do yourself.
>Note the following paragraph from MS05-037 (the pertaining Security
>Bulletin):
>
>------------------------------------------------------
>Does this update contain any changes to functionality?
>No. Since the JView Profiler COM object was not designed to be accessed
>through Internet Explorer, this update sets the kill bit for the JView
>Profiler (Javaprxy.dll) COM object. To help protect customers who have this
>object installed, this update prevents it from being instantiated in
>Internet Explorer. For more information about kill bits, see Microsoft
>Knowledge Base Article 240797. The class identifier (CLSID) for this object
>is '03D9F3F2-B0E3-11D2-B081-006008039BF0'.
>------------------------------------------------------
>
>In short: Open REGEDIT and navigate to HKLM\Software\Internet
>Explorer\ActiveX Compatibility. Look at the CLSID keys under that for a key
>named "03D9F3F2-B0E3-11D2-B081-006008039BF0'" If that key doesn't exist,
>create it. In that key, create a new DWORD named "Compatibility Flags", make
>the value 400.
>
>Should result in a value that looks like this: 0x000000400 (1024)
 
G

Guest

Guest
Archived from groups: microsoft.public.win98.gen_discussion (More info?)

I've punted the issue upstairs. We'll see what they say. Regardless of
whether it applies to your system or not, the patch *should_be* available at
WU Catalog.

Your logic is faulty. The patch isn't offered for versions of IE earlier
than 5.5 because those versions simply aren't supported any longer. Haven't
been for some time. That does *not* mean that earlier versions aren't
vulnerable, particularly earlier versions of IE5 (not sure about IE4.) I
would bet that your IE *is* vulnerable, and in any case, the kill-bit fix I
suggested won't harm your installation. The Active-X control involved isn't
supposed to be used in IE, anyway. This issue is a common one--Active-X
controls that aren't meant to be accessed by IE but manage to be hooked by
malware into doing so, with all the security issues that suggests. Setting
the kill-bit is the common solution. Pretty much that entire ActiveX
Compatibility key of the Registry consists of kill-bits. A similar issue is
currently top news in security circles regarding MSDDS.DLL (an Office 2000
file), and the same solution is suggested.

As for KB891711 (MS05-002), that *did* have problems when it was first
issued. A replacement patch was issued within a short time and no longer
causes any problems that I'm aware of. You *should* install KB891711 without
delay.

--
Gary S. Terhune
MS-MVP Shell/User

"Just me" <Justme489@myLink.com> wrote in message
news:29dcg1ditrlneoat46k4tci2d0nol6rupr@4ax.com...
> Thanks for responding, Gary.
>
> I'm using Windows 98SE with IE SP2 and now I'm not sure whether it
> applies to me. But a month ago I'm sure I saw the update at the
> Windows Update site as applying to me. I had made a note of it for a
> later update. Today, however, the update was no longer there implying,
> to me, that I may not need it afterall.
>
> Below is what MS05-037 says under "Affected Components" at
> http://www.microsoft.com/technet/security/bulletin/ms05-037.mspx
> It reads in part:
>
> "Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Millennium
> Edition -- Review the FAQ section of this bulletin for details about
> these operating systems."
>
> "Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, on
> Microsoft Windows 98 SE or on Microsoft Windows Millennium Edition
> Review the FAQ section of this bulletin for details about these
> operating systems."
>
> From the above, seems that I may not need the update since I'm using
> Win 98 SE with IE5.5. Am I correct in this?
>
> I have all of the critical updates except the above and the Security
> Update 891711 (MS05-002), which I've read that this latter may create
> problems.
>
> Again, thanks for responding.
>
> John
>
>
>
>
>
>
> On Fri, 19 Aug 2005 10:22:57 -0700, "Gary S. Terhune"
> <grystnews@mvps.org> wrote:
>
>>Not sure what's up with the update, I'm checking into that. However, the
>>update performs a relatively simple registry hack that you can do
>>yourself.
>>Note the following paragraph from MS05-037 (the pertaining Security
>>Bulletin):
>>
>>------------------------------------------------------
>>Does this update contain any changes to functionality?
>>No. Since the JView Profiler COM object was not designed to be accessed
>>through Internet Explorer, this update sets the kill bit for the JView
>>Profiler (Javaprxy.dll) COM object. To help protect customers who have
>>this
>>object installed, this update prevents it from being instantiated in
>>Internet Explorer. For more information about kill bits, see Microsoft
>>Knowledge Base Article 240797. The class identifier (CLSID) for this
>>object
>>is '03D9F3F2-B0E3-11D2-B081-006008039BF0'.
>>------------------------------------------------------
>>
>>In short: Open REGEDIT and navigate to HKLM\Software\Internet
>>Explorer\ActiveX Compatibility. Look at the CLSID keys under that for a
>>key
>>named "03D9F3F2-B0E3-11D2-B081-006008039BF0'" If that key doesn't exist,
>>create it. In that key, create a new DWORD named "Compatibility Flags",
>>make
>>the value 400.
>>
>>Should result in a value that looks like this: 0x000000400 (1024)
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Sorry, I got the history wrong in your case. Somehow thought you had IE
5.01. Anyway, the end-point is that you *do* need to set the kill-bit, and
the patch doesn't seem to be available. So do it manually.

Did I understand you correctly? Did you previously see this patch listed at
WU? Because the response from MS is to quote the following paragraph from
the Security Bulletin:

"Note Critical security updates for these operating systems may not
be available at the same time as the other security updates that
are included with this security bulletin. They will be made available as
soon as possible following the release. When these security updates are
available, you will be able to download them only from the Windows
Update Web site."

That would indicate that the patch has not yet been posted for Win9x
systems.

--
Gary S. Terhune
MS-MVP Shell/User


"Gary S. Terhune" <grystnews@mvps.org> wrote in message
news:%23EG1q4PpFHA.708@TK2MSFTNGP09.phx.gbl...
> I've punted the issue upstairs. We'll see what they say. Regardless of
> whether it applies to your system or not, the patch *should_be* available
> at WU Catalog.
>
> Your logic is faulty. The patch isn't offered for versions of IE earlier
> than 5.5 because those versions simply aren't supported any longer.
> Haven't been for some time. That does *not* mean that earlier versions
> aren't vulnerable, particularly earlier versions of IE5 (not sure about
> IE4.) I would bet that your IE *is* vulnerable, and in any case, the
> kill-bit fix I suggested won't harm your installation. The Active-X
> control involved isn't supposed to be used in IE, anyway. This issue is a
> common one--Active-X controls that aren't meant to be accessed by IE but
> manage to be hooked by malware into doing so, with all the security issues
> that suggests. Setting the kill-bit is the common solution. Pretty much
> that entire ActiveX Compatibility key of the Registry consists of
> kill-bits. A similar issue is currently top news in security circles
> regarding MSDDS.DLL (an Office 2000 file), and the same solution is
> suggested.
>
> As for KB891711 (MS05-002), that *did* have problems when it was first
> issued. A replacement patch was issued within a short time and no longer
> causes any problems that I'm aware of. You *should* install KB891711
> without delay.
>
> --
> Gary S. Terhune
> MS-MVP Shell/User
>
> "Just me" <Justme489@myLink.com> wrote in message
> news:29dcg1ditrlneoat46k4tci2d0nol6rupr@4ax.com...
>> Thanks for responding, Gary.
>>
>> I'm using Windows 98SE with IE SP2 and now I'm not sure whether it
>> applies to me. But a month ago I'm sure I saw the update at the
>> Windows Update site as applying to me. I had made a note of it for a
>> later update. Today, however, the update was no longer there implying,
>> to me, that I may not need it afterall.
>>
>> Below is what MS05-037 says under "Affected Components" at
>> http://www.microsoft.com/technet/security/bulletin/ms05-037.mspx
>> It reads in part:
>>
>> "Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Millennium
>> Edition -- Review the FAQ section of this bulletin for details about
>> these operating systems."
>>
>> "Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, on
>> Microsoft Windows 98 SE or on Microsoft Windows Millennium Edition
>> Review the FAQ section of this bulletin for details about these
>> operating systems."
>>
>> From the above, seems that I may not need the update since I'm using
>> Win 98 SE with IE5.5. Am I correct in this?
>>
>> I have all of the critical updates except the above and the Security
>> Update 891711 (MS05-002), which I've read that this latter may create
>> problems.
>>
>> Again, thanks for responding.
>>
>> John
>>
>>
>>
>>
>>
>>
>> On Fri, 19 Aug 2005 10:22:57 -0700, "Gary S. Terhune"
>> <grystnews@mvps.org> wrote:
>>
>>>Not sure what's up with the update, I'm checking into that. However, the
>>>update performs a relatively simple registry hack that you can do
>>>yourself.
>>>Note the following paragraph from MS05-037 (the pertaining Security
>>>Bulletin):
>>>
>>>------------------------------------------------------
>>>Does this update contain any changes to functionality?
>>>No. Since the JView Profiler COM object was not designed to be accessed
>>>through Internet Explorer, this update sets the kill bit for the JView
>>>Profiler (Javaprxy.dll) COM object. To help protect customers who have
>>>this
>>>object installed, this update prevents it from being instantiated in
>>>Internet Explorer. For more information about kill bits, see Microsoft
>>>Knowledge Base Article 240797. The class identifier (CLSID) for this
>>>object
>>>is '03D9F3F2-B0E3-11D2-B081-006008039BF0'.
>>>------------------------------------------------------
>>>
>>>In short: Open REGEDIT and navigate to HKLM\Software\Internet
>>>Explorer\ActiveX Compatibility. Look at the CLSID keys under that for a
>>>key
>>>named "03D9F3F2-B0E3-11D2-B081-006008039BF0'" If that key doesn't exist,
>>>create it. In that key, create a new DWORD named "Compatibility Flags",
>>>make
>>>the value 400.
>>>
>>>Should result in a value that looks like this: 0x000000400 (1024)
>>
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win98.gen_discussion (More info?)

I saw that myself, but was able to look for Class Identifier
"03D9F3F2-B0E3-11D2-B081-006008039BF0'", which was not there.

On Fri, 19 Aug 2005 15:32:28 -0400, "PCR" <pcrrcp@netzero.net> wrote:

>| In short: Open REGEDIT and navigate to HKLM\Software\Internet
>| Explorer\ActiveX Compatibility.
>
>HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX
>Compatibility\{03D9F3F2-B0E3-11D2-B081-006008039BF0}
>Compatibility Flags 0x00000400 (1024) <<DWORD Value
>
>Without "Microsoft", all is lost.
 
G

Guest

Guest
Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Good thinking, & that's how I did it too from Terhune's posting & the
article. Well, we know you didn't get the update, then, which provides
the kill bit...

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX
Compatibility\{03D9F3F2-B0E3-11D2-B081-006008039BF0}]
"Compatibility Flags"=dword:00000400

...., BUT what about this key & sub-key, do you have it...?...

REGEDIT4

[HKEY_CLASSES_ROOT\CLSID\{03D9F3F2-B0E3-11D2-B081-006008039BF0}]
@="JVIEW Profiler"

[HKEY_CLASSES_ROOT\CLSID\{03D9F3F2-B0E3-11D2-B081-006008039BF0}\InprocSe
rver32]
@="C:\\WINDOWS\\SYSTEM\\JAVAPRXY.DLL"
"ThreadingModel"="Both"


--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcrrcp@netzero.net
"Just me" <Justme489@myLink.com> wrote in message
news:mhfcg1pkho59bhcu7lt7cgs7hj4ns6ket8@4ax.com...
| I saw that myself, but was able to look for Class Identifier
| "03D9F3F2-B0E3-11D2-B081-006008039BF0'", which was not there.
|
| On Fri, 19 Aug 2005 15:32:28 -0400, "PCR" <pcrrcp@netzero.net> wrote:
|
| >| In short: Open REGEDIT and navigate to HKLM\Software\Internet
| >| Explorer\ActiveX Compatibility.
| >
| >HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX
| >Compatibility\{03D9F3F2-B0E3-11D2-B081-006008039BF0}
| >Compatibility Flags 0x00000400 (1024) <<DWORD Value
| >
| >Without "Microsoft", all is lost.
|
 
G

Guest

Guest
Archived from groups: microsoft.public.win98.gen_discussion (More info?)

He should have those. Anyone with a Java VM installed would probably have
them. Those aren't the problem. The Active-X is perfectly safe when used as
intended. It's when it gets used in IE that problems occur. Thus, we use the
already-discussed solution to prevent IE, specifically, from using the
Active-X control.

--
Gary S. Terhune
MS-MVP Shell/User

"PCR" <pcrrcp@netzero.net> wrote in message
news:%23JDHpURpFHA.1148@TK2MSFTNGP12.phx.gbl...
> ..., BUT what about this key & sub-key, do you have it...?...
>
> REGEDIT4
>
> [HKEY_CLASSES_ROOT\CLSID\{03D9F3F2-B0E3-11D2-B081-006008039BF0}]
> @="JVIEW Profiler"
>
> [HKEY_CLASSES_ROOT\CLSID\{03D9F3F2-B0E3-11D2-B081-006008039BF0}\InprocSe
> rver32]
> @="C:\\WINDOWS\\SYSTEM\\JAVAPRXY.DLL"
> "ThreadingModel"="Both"
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win98.gen_discussion (More info?)

OK, thanks. I was just wondering why that other one wouldn't come up in
his Registry search. Perhaps it did, & he only meant the kill bit failed
to show. His wording was over-kill, then...

"I saw that myself, but was able to look for Class Identifier
"03D9F3F2-B0E3-11D2-B081-006008039BF0'", which was not there."

OOOPS! Just me, you've got a single quote in there before the second
double quote! Try that search again without it!


--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcrrcp@netzero.net
"Gary S. Terhune" <grystnews@mvps.org> wrote in message
news:OFWTzcRpFHA.3760@TK2MSFTNGP10.phx.gbl...
| He should have those. Anyone with a Java VM installed would probably
have
| them. Those aren't the problem. The Active-X is perfectly safe when
used as
| intended. It's when it gets used in IE that problems occur. Thus, we
use the
| already-discussed solution to prevent IE, specifically, from using the
| Active-X control.
|
| --
| Gary S. Terhune
| MS-MVP Shell/User
|
| "PCR" <pcrrcp@netzero.net> wrote in message
| news:%23JDHpURpFHA.1148@TK2MSFTNGP12.phx.gbl...
| > ..., BUT what about this key & sub-key, do you have it...?...
| >
| > REGEDIT4
| >
| > [HKEY_CLASSES_ROOT\CLSID\{03D9F3F2-B0E3-11D2-B081-006008039BF0}]
| > @="JVIEW Profiler"
| >
| >
[HKEY_CLASSES_ROOT\CLSID\{03D9F3F2-B0E3-11D2-B081-006008039BF0}\InprocSe
| > rver32]
| > @="C:\\WINDOWS\\SYSTEM\\JAVAPRXY.DLL"
| > "ThreadingModel"="Both"
| >
|
|
 
G

Guest

Guest
Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Well, it is of course possible that JustMe doesn't have Java VM installed,
<s>.

--
Gary S. Terhune
MS-MVP Shell/User

"PCR" <pcrrcp@netzero.net> wrote in message
news:uu3M2qRpFHA.320@TK2MSFTNGP09.phx.gbl...
> OK, thanks. I was just wondering why that other one wouldn't come up in
> his Registry search. Perhaps it did, & he only meant the kill bit failed
> to show. His wording was over-kill, then...
>
> "I saw that myself, but was able to look for Class Identifier
> "03D9F3F2-B0E3-11D2-B081-006008039BF0'", which was not there."
>
> OOOPS! Just me, you've got a single quote in there before the second
> double quote! Try that search again without it!
>
>
> --
> Thanks or Good Luck,
> There may be humor in this post, and,
> Naturally, you will not sue,
> should things get worse after this,
> PCR
> pcrrcp@netzero.net
> "Gary S. Terhune" <grystnews@mvps.org> wrote in message
> news:OFWTzcRpFHA.3760@TK2MSFTNGP10.phx.gbl...
> | He should have those. Anyone with a Java VM installed would probably
> have
> | them. Those aren't the problem. The Active-X is perfectly safe when
> used as
> | intended. It's when it gets used in IE that problems occur. Thus, we
> use the
> | already-discussed solution to prevent IE, specifically, from using the
> | Active-X control.
> |
> | --
> | Gary S. Terhune
> | MS-MVP Shell/User
> |
> | "PCR" <pcrrcp@netzero.net> wrote in message
> | news:%23JDHpURpFHA.1148@TK2MSFTNGP12.phx.gbl...
> | > ..., BUT what about this key & sub-key, do you have it...?...
> | >
> | > REGEDIT4
> | >
> | > [HKEY_CLASSES_ROOT\CLSID\{03D9F3F2-B0E3-11D2-B081-006008039BF0}]
> | > @="JVIEW Profiler"
> | >
> | >
> [HKEY_CLASSES_ROOT\CLSID\{03D9F3F2-B0E3-11D2-B081-006008039BF0}\InprocSe
> | > rver32]
> | > @="C:\\WINDOWS\\SYSTEM\\JAVAPRXY.DLL"
> | > "ThreadingModel"="Both"
> | >
> |
> |
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win98.gen_discussion (More info?)

On Fri, 19 Aug 2005 15:33:02 -0400, "PCR" <pcrrcp@netzero.net> wrote:

>If you actually have it, it will show up at...
>
>(1) IE6, Help, About...
>SP1, Q313829, Q328970, Q328389, Q324929, Q810847, Q813951, Q816506,
>Q813489, Q330994, Q818529, Q822925, Q828750, Q824145, Q832894,
>Q837009, Q831167, Q823353, Q867801, Q833989, Q834707, Q889293, Q867282,
>Q891781, Q890923, Q883939, Q903235, & Q896727.

Not there.
>
>(2) "Control Panel, Add/Remove Programs"...
> (a) Internet Explorer Q896727
> (was Q883939, Q890923, Q891781, Q889293, Q834707, Q867801,
> Q831167, Q832894, Q824145, Q828750, Q822925, Q818529)
> (b) Internet Explorer Q903235 (was Q883939).
>

Not in Add/Remove either.

>I took it when offered. Now, I cannot even see it in the Catalog...
>http://v4.windowsupdate.microsoft.com/catalog/en/default.asp
>...but, go look for yourself.
>
Also, not in Catalog

>Here it is from my WU folder. (I take them into there, although I always
>let the site do it's auto-download/install.)...

My WUpdate folder in C:\ is empty. The one in D: drive got wiped when
D: drive was replaced a month ago due to problems.

Is there a file where it shows all my Windows Updates, besided lokking
in the Catalog? And how do you copy the updates from the Help->About
Internet Explorer and the Add/Remove listing.

>http://www.microsoft.com/technet/security/Bulletin/MS05-037.mspx
>...BUT looks like it says you must get it from the Windows Update site.
>
>I think this is the Registry key Terhune means to say...
>
>HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX
>Compatibility\{03D9F3F2-B0E3-11D2-B081-006008039BF0}
>Compatibility Flags 0x00000400 (1024) <<DWORD Value
>
>...Do you have it?
 
G

Guest

Guest
Archived from groups: microsoft.public.win98.gen_discussion (More info?)

It seems you really don't have it, then. I think Terhune will talk you
through it or send it to you. Check for that other Registry key, though,
that I posted elsewhere. It should have come up in your search for...
"03D9F3F2-B0E3-11D2-B081-006008039BF0".


--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcrrcp@netzero.net
"Just me" <Justme489@myLink.com> wrote in message
news:nvfcg11f6u0dvrhrt87tlhp8d7pnutob5v@4ax.com...
| On Fri, 19 Aug 2005 15:33:02 -0400, "PCR" <pcrrcp@netzero.net> wrote:
|
| >If you actually have it, it will show up at...
| >
| >(1) IE6, Help, About...
| >SP1, Q313829, Q328970, Q328389, Q324929, Q810847, Q813951, Q816506,
| >Q813489, Q330994, Q818529, Q822925, Q828750, Q824145, Q832894,
| >Q837009, Q831167, Q823353, Q867801, Q833989, Q834707, Q889293,
Q867282,
| >Q891781, Q890923, Q883939, Q903235, & Q896727.
|
| Not there.
| >
| >(2) "Control Panel, Add/Remove Programs"...
| > (a) Internet Explorer Q896727
| > (was Q883939, Q890923, Q891781, Q889293, Q834707, Q867801,
| > Q831167, Q832894, Q824145, Q828750, Q822925, Q818529)
| > (b) Internet Explorer Q903235 (was Q883939).
| >
|
| Not in Add/Remove either.
|
| >I took it when offered. Now, I cannot even see it in the Catalog...
| >http://v4.windowsupdate.microsoft.com/catalog/en/default.asp
| >...but, go look for yourself.
| >
| Also, not in Catalog
|
| >Here it is from my WU folder. (I take them into there, although I
always
| >let the site do it's auto-download/install.)...
|
| My WUpdate folder in C:\ is empty. The one in D: drive got wiped when
| D: drive was replaced a month ago due to problems.
|
| Is there a file where it shows all my Windows Updates, besided lokking
| in the Catalog? And how do you copy the updates from the Help->About
| Internet Explorer and the Add/Remove listing.
|
| >http://www.microsoft.com/technet/security/Bulletin/MS05-037.mspx
| >...BUT looks like it says you must get it from the Windows Update
site.
| >
| >I think this is the Registry key Terhune means to say...
| >
| >HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX
| >Compatibility\{03D9F3F2-B0E3-11D2-B081-006008039BF0}
| >Compatibility Flags 0x00000400 (1024) <<DWORD Value
| >
| >...Do you have it?
|
 
G

Guest

Guest
Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Yea, better check again! I think you put a single quote at the end first
time...

"Just me" <Justme489@myLink.com> wrote in message
news:mhfcg1pkho59bhcu7lt7cgs7hj4ns6ket8@4ax.com...
| I saw that myself, but was able to look for Class Identifier
| "03D9F3F2-B0E3-11D2-B081-006008039BF0'", which was not there.


--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcrrcp@netzero.net
"PCR" <pcrrcp@netzero.net> wrote in message
news:ucrNVdRpFHA.1048@tk2msftngp13.phx.gbl...
| It seems you really don't have it, then. I think Terhune will talk you
| through it or send it to you. Check for that other Registry key,
though,
| that I posted elsewhere. It should have come up in your search for...
| "03D9F3F2-B0E3-11D2-B081-006008039BF0".
|
|
| --
| Thanks or Good Luck,
| There may be humor in this post, and,
| Naturally, you will not sue,
| should things get worse after this,
| PCR
| pcrrcp@netzero.net
| "Just me" <Justme489@myLink.com> wrote in message
| news:nvfcg11f6u0dvrhrt87tlhp8d7pnutob5v@4ax.com...
| | On Fri, 19 Aug 2005 15:33:02 -0400, "PCR" <pcrrcp@netzero.net>
wrote:
| |
| | >If you actually have it, it will show up at...
| | >
| | >(1) IE6, Help, About...
| | >SP1, Q313829, Q328970, Q328389, Q324929, Q810847, Q813951, Q816506,
| | >Q813489, Q330994, Q818529, Q822925, Q828750, Q824145, Q832894,
| | >Q837009, Q831167, Q823353, Q867801, Q833989, Q834707, Q889293,
| Q867282,
| | >Q891781, Q890923, Q883939, Q903235, & Q896727.
| |
| | Not there.
| | >
| | >(2) "Control Panel, Add/Remove Programs"...
| | > (a) Internet Explorer Q896727
| | > (was Q883939, Q890923, Q891781, Q889293, Q834707, Q867801,
| | > Q831167, Q832894, Q824145, Q828750, Q822925, Q818529)
| | > (b) Internet Explorer Q903235 (was Q883939).
| | >
| |
| | Not in Add/Remove either.
| |
| | >I took it when offered. Now, I cannot even see it in the Catalog...
| | >http://v4.windowsupdate.microsoft.com/catalog/en/default.asp
| | >...but, go look for yourself.
| | >
| | Also, not in Catalog
| |
| | >Here it is from my WU folder. (I take them into there, although I
| always
| | >let the site do it's auto-download/install.)...
| |
| | My WUpdate folder in C:\ is empty. The one in D: drive got wiped
when
| | D: drive was replaced a month ago due to problems.
| |
| | Is there a file where it shows all my Windows Updates, besided
lokking
| | in the Catalog? And how do you copy the updates from the Help->About
| | Internet Explorer and the Add/Remove listing.
| |
| | >http://www.microsoft.com/technet/security/Bulletin/MS05-037.mspx
| | >...BUT looks like it says you must get it from the Windows Update
| site.
| | >
| | >I think this is the Registry key Terhune means to say...
| | >
| | >HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX
| | >Compatibility\{03D9F3F2-B0E3-11D2-B081-006008039BF0}
| | >Compatibility Flags 0x00000400 (1024) <<DWORD Value
| | >
| | >...Do you have it?
| |
|
|
 
G

Guest

Guest
Archived from groups: microsoft.public.win98.gen_discussion (More info?)

On Fri, 19 Aug 2005 13:39:59 -0700, "Gary S. Terhune"
<grystnews@mvps.org> wrote:

>I've punted the issue upstairs. We'll see what they say. Regardless of
>whether it applies to your system or not, the patch *should_be* available at
>WU Catalog.
>
>Your logic is faulty. The patch isn't offered for versions of IE earlier
>than 5.5 because those versions simply aren't supported any longer. Haven't
>been for some time. That does *not* mean that earlier versions aren't
>vulnerable, particularly earlier versions of IE5 (not sure about IE4.) I
>would bet that your IE *is* vulnerable, and in any case, the kill-bit fix I
>suggested won't harm your installation. The Active-X control involved isn't
>supposed to be used in IE, anyway. This issue is a common one--Active-X
>controls that aren't meant to be accessed by IE but manage to be hooked by
>malware into doing so, with all the security issues that suggests. Setting
>the kill-bit is the common solution. Pretty much that entire ActiveX
>Compatibility key of the Registry consists of kill-bits. A similar issue is
>currently top news in security circles regarding MSDDS.DLL (an Office 2000
>file), and the same solution is suggested.
>
>As for KB891711 (MS05-002), that *did* have problems when it was first
>issued. A replacement patch was issued within a short time and no longer
>causes any problems that I'm aware of. You *should* install KB891711 without
>delay.


KB891711 just updated.

Thanks.

Now WU shows that I need only the following two:

Microsoft GDI+ Detection Tool (KB873374)
Microsoft Internet Explorer 6 Service Pack 1 (Windows 98, Windows Me)*

IE SP 1 I don't need as I have IE5.5 SP2. GDI+ Detection Tool I do not
understand what this is. :)

Still KB903235 is not in WU or in the Catalog.

I'm afraid to touch the Registry and would rather do it through WU.
Perhaps as a last resort I'll do it as you suggested. But, like I
said, I'm afraid that I'll muck up things here. :) Have spent too much
money on this old system.

Again, thanks to all.
 
G

Guest

Guest
Archived from groups: microsoft.public.win98.gen_discussion (More info?)

I'd be glad to send you a REG file to do the job. Email me at
grystnews@mvps.org

--
Gary S. Terhune
MS-MVP Shell/User

"Just me" <Justme489@myLink.com> wrote in message
news:u0jcg1psp1nohkb9iitfvhgbtq2ujqk26l@4ax.com...
> On Fri, 19 Aug 2005 13:39:59 -0700, "Gary S. Terhune"
> <grystnews@mvps.org> wrote:
>
>>I've punted the issue upstairs. We'll see what they say. Regardless of
>>whether it applies to your system or not, the patch *should_be* available
>>at
>>WU Catalog.
>>
>>Your logic is faulty. The patch isn't offered for versions of IE earlier
>>than 5.5 because those versions simply aren't supported any longer.
>>Haven't
>>been for some time. That does *not* mean that earlier versions aren't
>>vulnerable, particularly earlier versions of IE5 (not sure about IE4.) I
>>would bet that your IE *is* vulnerable, and in any case, the kill-bit fix
>>I
>>suggested won't harm your installation. The Active-X control involved
>>isn't
>>supposed to be used in IE, anyway. This issue is a common one--Active-X
>>controls that aren't meant to be accessed by IE but manage to be hooked by
>>malware into doing so, with all the security issues that suggests. Setting
>>the kill-bit is the common solution. Pretty much that entire ActiveX
>>Compatibility key of the Registry consists of kill-bits. A similar issue
>>is
>>currently top news in security circles regarding MSDDS.DLL (an Office 2000
>>file), and the same solution is suggested.
>>
>>As for KB891711 (MS05-002), that *did* have problems when it was first
>>issued. A replacement patch was issued within a short time and no longer
>>causes any problems that I'm aware of. You *should* install KB891711
>>without
>>delay.
>
>
> KB891711 just updated.
>
> Thanks.
>
> Now WU shows that I need only the following two:
>
> Microsoft GDI+ Detection Tool (KB873374)
> Microsoft Internet Explorer 6 Service Pack 1 (Windows 98, Windows Me)*
>
> IE SP 1 I don't need as I have IE5.5 SP2. GDI+ Detection Tool I do not
> understand what this is. :)
>
> Still KB903235 is not in WU or in the Catalog.
>
> I'm afraid to touch the Registry and would rather do it through WU.
> Perhaps as a last resort I'll do it as you suggested. But, like I
> said, I'm afraid that I'll muck up things here. :) Have spent too much
> money on this old system.
>
> Again, thanks to all.
 
G

Guest

Guest
Archived from groups: microsoft.public.win98.gen_discussion (More info?)

On Fri, 19 Aug 2005 14:18:48 -0700, "Gary S. Terhune"
<grystnews@mvps.org> wrote:

>Did I understand you correctly? Did you previously see this patch listed at
>WU?

Gary, I have a notation in front of me dated 7/19/05. That is a month
ago today. I usually wait for WU to take me to the Windows Update site
automatically each month. Oftentime I do not do the updates until I
read a little more about them in this NG.

The notation that I have is about KB903235, KB888113 and KB891711.
I have also written down additional details about each of the three
KBs. Seems that I could only have gotten this info from the WU site.
Notice the 7/19/05 date, which corresponds with today's, 8/19/05
automatic update one month later. I only go to the WU site when
connected automatically.

What my note above says is that as of 7/19/05 I hadn't updated the
above three.

Today I was again connected to WU automatically upon clicking on the
IE browser. Went back to my notes and all 3 of the above updates were
there, except for KB903235. Updated the KB888113 earlier today and,
upon your advise, just updated the 891711.

John
 
G

Guest

Guest
Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Well, the other possibility is that it was included in a subsequent Roll-up
update and removed as a stand-alone. Haven't looked into that one.

--
Gary S. Terhune
MS-MVP Shell/User

"Just me" <Justme489@myLink.com> wrote in message
news:jfjcg1d7966ntn1k5f9ltuq1smm4h2v695@4ax.com...
> On Fri, 19 Aug 2005 14:18:48 -0700, "Gary S. Terhune"
> <grystnews@mvps.org> wrote:
>
>>Did I understand you correctly? Did you previously see this patch listed
>>at
>>WU?
>
> Gary, I have a notation in front of me dated 7/19/05. That is a month
> ago today. I usually wait for WU to take me to the Windows Update site
> automatically each month. Oftentime I do not do the updates until I
> read a little more about them in this NG.
>
> The notation that I have is about KB903235, KB888113 and KB891711.
> I have also written down additional details about each of the three
> KBs. Seems that I could only have gotten this info from the WU site.
> Notice the 7/19/05 date, which corresponds with today's, 8/19/05
> automatic update one month later. I only go to the WU site when
> connected automatically.
>
> What my note above says is that as of 7/19/05 I hadn't updated the
> above three.
>
> Today I was again connected to WU automatically upon clicking on the
> IE browser. Went back to my notes and all 3 of the above updates were
> there, except for KB903235. Updated the KB888113 earlier today and,
> upon your advise, just updated the 891711.
>
> John
>
>