If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Here's a perfect example of win-98 vulnerability DISinformation
Have a look at this site:
http://www.lbl.gov/cyber/vulnerabili...chive_h-l.html Scroll down to the "Korgo Worm". Read this: ------------------- The Korgo worm (also known as Worm.Win32.Padobot.b or Exploit-Lsass.gen) infects Windows systems such as Windows 98, NT, 2000 and XP. It exploits a buffer overflow vulnerability in Windows Local Security Authority System Services (lsass.exe), as described in Microsoft Security Bulletin 04-011. Various mutants of the Korgo worm have been identified. ------------------- Ok, so an authoritative source is stating that the Korgo worm affects win-98 (even though win-98 does not run the lsass service). So let's look at MS bulletin 04-011: http://www.microsoft.com/technet/sec.../MS04-011.mspx The date is April - August 2004. Win-98 is still fully supported by Micro$haft at that time. Note the list of Affected Software - particularly the last entry: --------------------- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) – Review the FAQ section of this bulletin for details about these operating systems. --------------------- Now why come out and make that cryptic statement? Why not come right out in the open and just say if 98/me is affected? Is this Microsoft's attempt to give the casual reader the impression that this bulletin applies to 98/me, so by extension win-98/me is vulnerable to the Korgo worm? Let's expand and read the FAQ section: -------------------- How does the extended support for Windows 98, Windows 98 Second Edition, and Windows Millennium Edition affect the release of security updates for these operating systems? Microsoft will only release security updates for critical security issues. Non-critical security issues are not offered during this support period. --------------------- Now what exactly does that statement mean? Do you notice that Microsoft's first mention of 98/me in this FAQ section does not address the most obvious question - which is - is 98/me vulnerable to this exploit? Why Microsoft decided to answer a question that was probably never contimplated by anyone reading this bulletin is beyond strange. Microsoft is trying REAL HARD to evade the real question. The Q and A they give above is designed to cloud the support status of Win-98. Hopefully the reader will stop reading at this point and believe that maybe win-98 is vulnerable, and that Microsoft won't provide a fix because it's not critical. Let's keep reading: --------------------- Are Windows 98, Windows 98 Second Edition, or Windows Millennium Edition critically affected by any of the vulnerabilities that are addressed in this security bulletin? No. None of these vulnerabilities are critical in severity on Windows 98, on Windows 98 Second Edition, or on Windows Millennium Edition. --------------------- Now why is Microsoft making a distinction between a critical and non-critical vulnerability with regard to 9x/me, while they do not add these classifiers to the affected OS's (NT, 2K, XP, 2K3) ??? Do we know if the affected OS's are critically or non-critically vulnerable to MS04-011? Macro$haft says that 98/me is "not critically affected" by MS04-011. Is the reader supposed to assume that 98/me is vulnerable to MS04-011 - but not critically vulnerable? Or perhaps not vulnerable in any way? Is Microsoft trying to downplay win-98's invulnerability to these many exploits that are targeting NT-based OS's? Does it embarass Micro$tink that the OS they desperately want to kill off is fairing better against the big bad internet then their flagship, hot-**** NT OS's? It's no wonder that third-party technical writers (and even the US gov't) were bamboozled by Microsoft's security bulletins and the spin they tried to put on the vulnerablity of win-98/me to new and emerging exploits. |
#2
|
|||
|
|||
Here's a perfect example of win-98 vulnerability DISinformation
On 12/29/2009 09:05 PM, 98 Guy wrote: Korgo Worm What happened, didn't you read ALL the information and materials or did you just forget how worms work and variants... and there IS the wmf and ICS, and a couple others that do come into play in 9X, depending upon what applications {like NetMeeting and IIS} and activities are occurring... http://www.avira.com/en/threats/sect...rgo.f.var.html http://www.avira.com/en/threats/sect...m_korgo.u.html http://www.symantec.com/security_res...011215-5924-99 http://www.iss.net/security_center/r...o-backdoor.htm http://www.auscert.org.au/render.html?it=44&offset=665 The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software from computers that are running Windows 7, Windows Vista, Windows Server 2003, Windows Server 2008, Windows XP, or Windows 2000 http://support.microsoft.com/kb/890830 Cyber Security Bulletin SB04-203 http://www.us-cert.gov/cas/bulletins/SB04-203.html http://en.wikipedia.org/wiki/Local_S...system_Service http://www.dslreports.com/forum/remark,10952235 Also Known As: W32/Korgo.worm.gen [McAfee] Type: Worm Infection Length: 11,776 bytes Systems Affected: Windows 2000, Windows XP Systems Not Affected: DOS, Linux, Macintosh, Novell Netware, OS/2, UNIX, Windows 3.x, Windows 95, Windows 98, Windows Me, Windows NT AND SINCE YOU BROUGHT IT UP [really, I understand, it is a long document/article, updated several times, so you didn't check for dates and actually read it did you]: http://www.microsoft.com/technet/sec.../MS04-011.mspx Are Windows 98, Windows 98 Second Edition, or Windows Millennium Edition critically affected by any of the vulnerabilities that are addressed in this security bulletin? No. None of these vulnerabilities are critical in severity on Windows 98, on Windows 98 Second Edition, or on Windows Millennium Edition. {MEB - seems *No* would be a pretty definitive statement, but we MUST actually read what CAN affect 9X and WHY so we know for sure} Vulnerability Details LSASS Vulnerability - CAN-2003-0533: A buffer overrun vulnerability exists in LSASS that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take complete control of the affected system. Mitigating Factors for LSASS Vulnerability - CAN-2003-0533: Only Windows 2000 and Windows XP can be remotely attacked by an anonymous user. While Windows Server 2003 and Windows XP 64-Bit Edition Version 2003 contain the vulnerability, only a local administrator could exploit it. Windows NT 4.0 is not affected by this vulnerability. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. .... Block the following at the firewall: UDP ports 135, 137, 138, and 445, and TCP ports 135, 139, 445, and 593 All unsolicited inbound traffic on ports greater than 1024 Any other specifically configured RPC port These ports are used to initiate a connection with RPC. Blocking them at the firewall will help prevent systems that are behind that firewall from attempts to exploit this vulnerability. Also, make sure that you block any other specifically configured RPC port on the remote system. Microsoft recommends that you block all unsolicited inbound communication from the Internet to help prevent attacks that may use other ports. For more information about the ports that RPC uses, visit the following Web site. Enable advanced TCP/IP filtering on systems that support this feature. You can enable advanced TCP/IP filtering to block all unsolicited inbound traffic. For more information about how to configure TCP/IP filtering, see Microsoft Knowledge Base Article 309798. Block the affected ports by using IPSec on the affected systems. Use Internet Protocol Security (IPSec) to help protect network communications. Detailed information about IPSec and how to apply filters is available in Microsoft Knowledge Base Articles 313190 and 813878. .... What systems are primarily at risk from the vulnerability? Windows 2000 and Windows XP are primarily at risk from this vulnerability. Windows Server 2003 and Windows XP 64-Bit Edition Version 2003 provide additional protection that would require an administrator to log on locally to an affected system to exploit this vulnerability. .... LDAP Vulnerability - CAN-2003-0663: This vulnerability only affects Windows 2000 Server domain controllers; Windows Server 2003 domain controllers are not affected. Windows NT 4.0 and Windows XP are not affected by this vulnerability. .... Block LDAP TCP ports 389, 636, 3268, and 3269 at your firewall. .... PCT Vulnerability - CAN-2003-0719: Only systems that have enabled SSL are affected, typically only server systems. SSL support is not enabled by default on any of the affected systems. However, SSL is generally used on Web servers to support electronic commerce programs, online banking, and other programs that require secure communications. Windows Server 2003 is only vulnerable to this issue if an administrator has manually enabled PCT (even if SSL has been enabled) .... FAQ for PCT Vulnerability - CAN-2003-0719: What’s the scope of the vulnerability? .... All programs that use SSL could be affected. Although SSL is generally associated with Internet Information Services by using HTTPS and port 443, any service that implements SSL on an affected platform is likely to be vulnerable. .... What causes the vulnerability? The process used by the SSL Library to check message inputs. .... Winlogon Vulnerability - CAN-2003-0806: Only Windows NT 4.0, Windows 2000, and Windows XP systems that are members of a domain are affected by this vulnerability. Windows Server 2003 is not affected by this vulnerability. .... What systems are primarily at risk from the vulnerability? Only Windows NT 4.0, Windows 2000, and Windows XP systems that are members of a domain are affected by this vulnerability. .... Metafile Vulnerability - CAN-2003-0906: A buffer overrun vulnerability exists in the rendering of Windows Metafile (WMF) and Enhanced Metafile (EMF) image formats that could allow remote code execution on an affected system. Any program that renders WMF or EMF images on the affected systems could be vulnerable to this attack. An attacker who successfully exploited this vulnerability could take complete control of an affected system. .... Mitigating Factors for Metafile Vulnerability - CAN-2003-0906: • The vulnerability could only be exploited by an attacker who persuaded a user to open a specially crafted file or to view a directory that contains the specially crafted image. There is no way for an attacker to force a user to open a malicious file. • In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site. .... Workarounds for Metafile Vulnerability - CAN-2003-0906: Microsoft has tested the following workarounds. While these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, it is identified below. • Read e-mail messages in plain text format if you are using Outlook 2002 or later, or Outlook Express 6 SP1 or later, to help protect yourself from the HTML e-mail attack vector. Microsoft Outlook 2002 users who have applied Office XP Service Pack 1 or later and Microsoft Outlook Express 6 users who have applied Internet Explorer 6 Service Pack 1 can enable this setting and view all non-digitally signed e-mail messages or non-encrypted e-mail messages in plain text only. .... What systems are primarily at risk from the vulnerability? The vulnerability could only be exploited on the affected systems by an attacker who persuaded a user to open a specially crafted file or view a directory that contains the specially crafted image. There is no way for an attacker to force a user to open a malicious file. In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site. .... Help and Support Center Vulnerability - CAN-2003-0907: A remote code execution vulnerability exists in the Help and Support Center because of the way that it handles HCP URL validation. An attacker could exploit the vulnerability by constructing a malicious HCP URL that could potentially allow remote code execution if a user visited a malicious Web site or viewed a malicious e-mail message. An attacker who successfully exploited this vulnerability could take complete control of an affected system. Mitigating Factors for Help and Support Center Vulnerability - CAN-2003-0907: • In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site. • By default, Outlook Express 6, Outlook 2002, and Outlook 2003 open HTML e-mail messages in the Restricted sites zone. Additionally, Outlook 98 and Outlook 2000 open HTML e-mail messages in the Restricted sites zone if the Outlook E-mail Security Update has been installed. The Restricted sites zone helps reduce attacks that could attempt to exploit this vulnerability. The risk of attack from the HTML e-mail vector can be significantly reduced if you meet all of the following conditions: Apply the update that is included with Microsoft Security Bulletin MS03-040 or a later Cumulative Security Update for Internet Explorer. Use Internet Explorer 6 or later. Use the Microsoft Outlook E-mail Security Update, use Microsoft Outlook Express 6 or later, or use Microsoft Outlook 2000 Service Pack 2 or later in its default configuration. .... Windows NT 4.0 and Windows 2000 are not affected by this vulnerability. .... Utility Manager Vulnerability - CAN-2003-0908: Windows NT 4.0, Windows XP, and Windows Server 2003 are not affected by this vulnerability. Windows NT 4.0 does not implement the Utility Manager. .... Windows Management Vulnerability - CAN-2003-0909 Windows NT 4.0, Windows 2000, and Windows Server 2003 are not affected by this vulnerability. What systems are primarily at risk from the vulnerability? Only Windows XP is affected by this vulnerability. .... Local Descriptor Table Vulnerability - CAN-2003-0910 Mitigating Factors for Local Descriptor Table Vulnerability - CAN-2003-0910: An attacker must have valid logon credentials and be able to logon locally to exploit this vulnerability. It could not be exploited remotely. Windows XP and Windows Server 2003 are not affected by this vulnerability. .... H.323 Vulnerability - CAN-2004-0117 Mitigating Factors for H.323 Vulnerability - CAN-2004-0117: In the most common scenarios, NetMeeting (which uses H.323) must be running to become vulnerable. In the most common scenarios, systems that use Internet Connection Firewall (ICF) and that do not run any H.323-based applications are not vulnerable. Windows NT 4.0 is not affected by this vulnerability unless the stand-alone version of NetMeeting has been manually installed by an administrator. ..... Block ports TCP 1720 and TCP 1503 both inbound and outbound at the firewall. .... What causes the vulnerability? Unchecked buffers in Microsoft’s H.323 implementation. What is H.323? H.323 is an ITU standard that specifies how PCs, equipment, and services for multimedia communicate over networks that do not provide a guaranteed level of service, such as the Internet. H.323 terminals and equipment can carry real-time video, voice, data, or any combination of these elements. Products that use H.323 for audio and video let users connect and communicate with other people over the Internet, just as people using different makes and models of telephones can communicate using the telephone. What affected applications use the H.323 protocol? The H.323 protocol is implemented in a number of Microsoft applications and operating system components. This issue may affect systems that have one or more of the following services or applications running: Telephony Application Programming Interface (TAPI)-based applications NetMeeting Internet Connection Firewall (ICF) Internet Connection Sharing The Microsoft Routing and Remote Access service .... What is TAPI? Windows Telephony Applications Programming Interface (TAPI) is a part of the Windows Open System Architecture. By using TAPI, developers can create telephony applications. TAPI is an open industry standard, defined with significant and ongoing input from the worldwide telephony and computing community. Because TAPI is hardware-independent, compatible applications can run on a variety of PC and telephony hardware and can support a variety of network services. TAPI implements the H.323 protocol. Applications that use TAPI could be vulnerable to the issue that is described in this bulletin. .... Are Windows 98, Windows 98 Second Edition, or Windows Millennium Edition critically affected by this vulnerability? No. Although these operating systems may contain NetMeeting, the vulnerability is not critical on these operating systems. As a method of addressing this vulnerability, you can download and install the stand-alone version of NetMeeting for these operating systems from the following Web site. For more information about severity ratings, visit the following Web site. .... What is Internet Connection Sharing? By using Internet Connection Sharing users can connect one system to the Internet and share Internet service with several other systems on a home or small office network. The Network Setup Wizard in Windows XP automatically provides all the network settings that are necessary to share one Internet connection with all the systems in a network. Each system can use programs such as Internet Explorer and Outlook Express as if the system were directly connected to the Internet. Internet Connection Sharing is a feature of Windows 2000, Windows XP, and Windows Server 2003 but is not enabled by default on any of the affected systems. If I have enabled Internet Connection Sharing, but I have not enabled Internet Connection Firewall, am I vulnerable? Yes, Internet Connection Sharing enables the ports that could allow a system to become vulnerable to this issue. If ICF and Internet Connection Sharing are running, this attack could not occur unless the user was also using NetMeeting, or had manually opened port 1503 or port 1720. .... What systems are primarily at risk from the vulnerability? Systems that are running NetMeeting or that are running an H.323-based program. .... Virtual DOS Machine Vulnerability - CAN-2004-0118: Windows XP and Windows Server 2003 are not affected by this vulnerability. .... What is the Virtual DOS Machine subsystem? A Virtual DOS Machine (VDM) is a environment that emulates MS-DOS and DOS-based Windows in Windows NT-based operating systems. A VDM is created whenever a user starts an MS-DOS application on a Windows NT-based operating system. .... Negotiate SSP Vulnerability - CAN-2004-0119 The Negotiate SSP interface is also enabled by default in Internet Information Services (IIS). However, only Windows 2000 (IIS 5.0) and Windows Server 2003 Web Server Edition (IIS 6.0) install Internet Information Services (IIS) by default. Windows NT 4.0 is not affected by this vulnerability. .... Impact of Workaround: Any IIS-based applications that require Windows NT Challenge/Response authentication (NTLM) or Kerberos authentication will no longer function correctly. .... What systems are primarily at risk from the vulnerability? All affected systems could be vulnerable to this issue by default. Furthermore, by default, systems that are running Internet Information Services 5.0, Internet Information Services 5.1, and Internet Information Services 6.0 are also vulnerable to this issue through any listening port. .... SSL Vulnerability - CAN-2004-0120: Mitigating Factors for SSL Vulnerability - CAN-2004-0120: • Only systems that have enabled SSL are affected, typically only server systems. SSL support is not enabled by default on any of the affected systems. However, SSL is generally used on Web servers to support electronic commerce programs, online banking, and other programs that require secure communications. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. Windows NT 4.0 is not affected by this vulnerability. .... Block ports 443 and 636 at the firewall Port 443 is used to receive SSL traffic. Port 636 is used for LDAP SSL connections (LDAPS). Blocking them at the firewall will help prevent systems that are behind that firewall from attempts to exploit this vulnerability. Other ports may be found that could be used to exploit this vulnerability. However, the ports listed here are the most common attack vectors. Microsoft recommends blocking all unsolicited inbound communication from the Internet to help prevent attacks that may use other ports. Impact of Workaround: If ports 443 or 636 are blocked, the affected systems can no longer accept external connections using SSL or LDAPS. .... What is the Microsoft Secure Sockets Layer library? The Microsoft Secure Sockets Layer library contains support for a number of secure communication protocols. These include Transport Layer Security 1.0 (TLS 1.0), Secure Sockets Layer 3.0 (SSL 3.0), the older and seldom-used Secure Sockets Layer 2.0 (SSL 2.0), and Private Communication Technology 1.0 (PCT 1.0) protocol. These protocols provide an encrypted connection between a server and a client system. SSL can help protect information when users connect across public networks such as the Internet. SSL support requires an SSL certificate, which must be installed on a server. For more information about SSL, see Microsoft Knowledge Base Article 245152. .... What systems are primarily at risk from the vulnerability? All systems that have SSL enabled are vulnerable. Although SSL is generally associated with Internet Information Services by using HTTPS and port 443, any service that implements SSL on an affected platform is likely to be vulnerable. This includes but is not limited to Internet Information Services 4.0, Internet Information Services 5.0, Internet Information Services 5.1, Exchange Server 5.5, Exchange Server 2000, Exchange Server 2003, Analysis Services 2000 (included with SQL Server 2000), and any third-party programs that use SSL. .... ASN.1 “Double Free” Vulnerability - CAN-2004-0123 What is ASN.1? Abstract Syntax Notation 1 (ASN.1) is a language that is used to define standards. It is used by many applications and devices in the technology industry to allow data exchange across various platforms. ASN.1 has no direct relationship to any specific standard, encoding method, programming language, or hardware platform. For more information about ASN.1, see Microsoft Knowledge Base Article 252648. What might an attacker use the vulnerability to do? An attacker who successfully exploited this vulnerability to allow code execution could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges. .... What systems are primarily at risk from this vulnerability? Server systems are at greater risk than client systems because they are more likely to have a server process running that decodes ASN.1 data. Are Windows 98, Windows 98 Second Edition, or Windows Millennium Edition critically affected by this vulnerability? No. Although Windows Millennium Edition does contain the affected component, the vulnerability is not critical. For more information on severity ratings, visit the following Web site. .... AND SINCE YOU ARE CONSTANTLY SUGGESTING WIN2K FILES BE INSTALLED IN WIN9X: Date Time Version Size File name Folder ----------------------------------------------------------------------- 24-Mar-2004 02:17 5.0.2195.6876 388,368 Advapi32.dll 24-Mar-2004 02:17 5.0.2195.6824 42,256 Basesrv.dll 24-Mar-2004 02:17 5.0.2195.6866 69,904 Browser.dll 24-Mar-2004 02:17 5.0.2195.6901 394,512 Callcont.dll 21-Sep-2003 00:45 5.0.2195.6824 236,304 Cmd.exe 24-Mar-2004 02:17 5.131.2195.6824 543,504 Crypt32.dll 24-Mar-2004 02:17 5.131.2195.6824 61,200 Cryptnet.dll 24-Mar-2004 02:17 5.0.2195.6868 76,048 Cryptsvc.dll 24-Mar-2004 02:17 5.0.2195.6824 134,928 Dnsapi.dll 24-Mar-2004 02:17 5.0.2195.6876 92,432 Dnsrslvr.dll 24-Mar-2004 02:17 5.0.2195.6883 47,888 Eventlog.dll 24-Mar-2004 02:17 5.0.2195.6898 242,448 Gdi32.dll 24-Mar-2004 02:17 5.0.2195.6901 255,248 H323.tsp 24-Mar-2004 00:46 502 Hfsecper.inf 17-Mar-2004 21:50 502 Hfsecupd.inf 24-Mar-2004 02:17 5.0.2195.6902 442,640 Ipnathlp.dll 24-Mar-2004 02:17 5.0.2195.6890 143,632 Kdcsvc.dll 11-Mar-2004 02:37 5.0.2195.6903 210,192 Kerberos.dll 24-Mar-2004 02:17 5.0.2195.6897 742,160 Kernel32.dll 21-Sep-2003 00:32 5.0.2195.6824 71,888 Ksecdd.sys 11-Mar-2004 02:37 5.0.2195.6902 520,976 Lsasrv.dll 25-Feb-2004 23:59 5.0.2195.6902 33,552 Lsass.exe 24-Mar-2004 02:17 5.0.2195.6898 37,136 Mf3216.dll 10-Feb-2004 19:47 5.0.2195.6897 30,160 Mountmgr.sys 24-Mar-2004 02:17 5.0.2195.6824 54,544 Mpr.dll 24-Mar-2004 02:17 5.0.2195.6905 53,520 Msasn1.dll 24-Mar-2004 02:17 5.0.2195.6895 335,120 Msgina.dll 24-Mar-2004 02:17 5.0.2195.6901 249,616 Mst120.dll 11-Mar-2004 02:37 5.0.2195.6897 123,152 Msv1_0.dll 24-Mar-2004 02:17 5.0.2195.6897 312,592 Netapi32.dll 24-Mar-2004 02:17 5.0.2195.6891 371,472 Netlogon.dll 24-Mar-2004 02:17 5.0.2195.6901 62,224 Nmcom.dll 24-Mar-2004 02:17 5.0.2195.6899 497,936 Ntdll.dll 24-Mar-2004 02:17 5.0.2195.6896 1,028,880 Ntdsa.dll 25-Feb-2004 23:55 5.0.2195.6902 1,699,904 Ntkrnlmp.exe 25-Feb-2004 23:55 5.0.2195.6902 1,699,264 Ntkrnlpa.exe 25-Feb-2004 23:55 5.0.2195.6902 1,720,064 Ntkrpamp.exe 11-Mar-2004 02:37 5.0.2195.6902 1,726,032 Ntoskrnl.exe 24-Mar-2004 02:17 5.0.2195.6824 115,984 Psbase.dll 24-Mar-2004 02:17 5.0.2195.6892 90,264 Rdpwd.sys 24-Mar-2004 02:17 5.0.2195.6897 49,936 Samlib.dll 24-Mar-2004 02:17 5.0.2195.6897 388,368 Samsrv.dll 24-Mar-2004 02:17 5.0.2195.6893 111,376 Scecli.dll 24-Mar-2004 02:17 5.0.2195.6903 253,200 Scesrv.dll 11-Mar-2004 02:37 5.1.2195.6899 143,120 Schannel.dll 19-Jun-2003 20:05 5.0.2195.6707 17,168 Seclogon.dll 24-Mar-2004 02:17 5.0.2195.6894 971,536 Sfcfiles.dll 05-Feb-2004 20:18 5.0.2195.6896 5,869,056 Sp3res.dll 24-Mar-2004 02:17 1.0.0.4 27,920 Umandlg.dll 24-Mar-2004 02:17 5.0.2195.6897 403,216 User32.dll 05-Aug-2003 22:14 5.0.2195.6794 385,808 Userenv.dll 24-Mar-2004 02:17 5.0.2195.6824 50,960 W32time.dll 21-Sep-2003 00:32 5.0.2195.6824 57,104 W32tm.exe 11-Mar-2004 02:37 5.0.2195.6897 1,720,368 Win32k.sys 12-Dec-2003 21:38 5.1.2600.1327 311,296 Winhttp.dll 11-Mar-2004 02:37 5.0.2195.6898 181,520 Winlogon.exe 25-Sep-2003 18:08 5.0.2195.6826 243,984 Winsrv.dll 24-Mar-2004 02:17 5.131.2195.6824 167,184 Wintrust.dll 24-Mar-2004 02:17 5.0.2195.6897 742,160 Kernel32.dll Uniproc 24-Mar-2004 02:17 5.0.2195.6899 497,936 Ntdll.dll Uniproc 11-Mar-2004 02:37 5.0.2195.6897 1,720,368 Win32k.sys Uniproc 25-Sep-2003 18:08 5.0.2195.6826 243,984 Winsrv.dll Uniproc {MEB - My guess is these would foobar Win9X, why don't you install them all *98 Guy* and test them for us. OF course, several of these WERE updated in Win9X during support specifically due to these and other vulnerabilities.} .... Disclaimer: The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Revisions: V1.0 April 13, 2004: Bulletin published V1.1 April 21, 2004: Bulletin updated to reflect updated information in the Update Replacement Section. Bulletin has also been updated to reflect the change in the MBSA detection behavior as described in the updated FAQ section. The bulletin also contains revisions to the workaround section for the Utility Manager Vulnerability (CAN-2003-0908). V1.2 April 28, 2004: Updated Caveats section to reflect the availability of a revised Microsoft Knowledge Base Article 835732. It documents the currently known issues that customers may experience when installing this security update. The article also documents recommended solutions for these issues. V1.3 May 4, 2004: Added new information in the Workarounds section for the LSASS Vulnerability. V2.0 June 15, 2004: Updated bulletin to advise on the availability of an updated Windows NT 4.0 Workstation update for the Pan Chinese language. This update should be installed by customers even if the original update was installed. V2.1 August 10, 2004: Updated bulletin to modify the workaround section for the PCT Vulnerability when using Windows XP RTM. .... Of course we should see if any others might apply: http://www.microsoft.com/technet/sec.../MS04-044.mspx Affected Softwa Microsoft Windows NT Server 4.0 Service Pack 6a – Download the update Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6 – Download the update Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4 – Download the update Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 – Download the update Microsoft Windows XP 64-Bit Edition Service Pack 1 – Download the update Microsoft Windows XP 64-Bit Edition Version 2003 – Download the update Microsoft Windows Server 2003 – Download the update Microsoft Windows Server 2003 64-Bit Edition – Download the update Non-Affected Softwa Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) *MAYBE* you're thinking of the newer lsass.exe {Local Security Authority System Services {lsass}}: http://www.vupen.com/english/advisories/2009/3433 which specifically relies upon lsass.exe rather than the service it once was, supplied via various files, like in 9X or applications therefore. -- MEB http://peoplescounsel.org/ref/windows-main.htm Windows Info, Diagnostics, Security, Networking http://peoplescounsel.org The "real world" of Law, Justice, and Government ___--- |
#3
|
|||
|
|||
Here's a perfect example of win-98 vulnerability DISinformation
MEB wrote:
Korgo Worm What happened, didn't you read ALL the information and materials Go back and read my post you moron. Read it completely. Then try to understand the point I was making. |
#4
|
|||
|
|||
Here's a perfect example of win-98 vulnerability DISinformation
On 12/31/2009 05:45 PM, 98 Guy wrote: MEB wrote: Korgo Worm What happened, didn't you read ALL the information and materials Go back and read my post you moron. Read it completely. Then try to understand the point I was making. Hey stupid, go back through the archives and look for the originals and compare the dates and original presentations. THINK [and I realize that is impossible for you, but try] about what the documents and extra links show, HOW worms work, and the other that applies; THEN try to see why your comments show your lack of intelligence... To make it plain to you: you have no point as usual. -- MEB http://peoplescounsel.org/ref/windows-main.htm Windows Info, Diagnostics, Security, Networking http://peoplescounsel.org The "real world" of Law, Justice, and Government ___--- |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Word Perfect 9, msvcrt.dll | Rich Lamanna | General | 6 | July 10th 06 01:21 AM |
Windows Messenger/Corelle Word Perfect | JLM | General | 2 | September 21st 04 12:17 PM |
perfect print keys | temunah | Software & Applications | 1 | August 31st 04 08:13 PM |