If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Patch Tuesday
Microsoft today released a number of hotfixes for Win Me, quite possibly
the last. Patches released include: Cumulative Security Update for Internet Explorer 6 Service Pack 1 (KB916281) For more details see KB916281 "MS06-021: Cumulative security update for Internet Explorer" (http://support.microsoft.com?kbid=916281) and Microsoft Security Bulletin MS06-021 (http://www.microsoft.com/technet/sec.../ms06-021.mspx). Security Update for Internet Explorer 6 Service Pack 1 (KB918439) For more details see KB918439 "MS06-022: Vulnerability in ART image rendering could allow remote code execution" (http://support.microsoft.com?kbid=918439) and Microsoft Security Bulletin MS06-022 (http://www.microsoft.com/technet/sec.../ms06-022.mspx). Security Update for Windows Millennium (KB918547) For more details see KB918547 "MS06-026: Vulnerability in the Graphics Rendering Engine could allow remote code execution" (http://support.microsoft.com?kbid=918547) and Microsoft Security Bulletin MS06-026 (http://www.microsoft.com/technet/sec.../ms06-026.mspx). Security Update for Windows Millennium (KB917344) For more details see KB917344 "MS06-023: Vulnerability in Microsoft JScript could allow remote code execution " (http://support.microsoft.com?kbid=917344) and Microsoft Security Bulletin MS06-023 (http://www.microsoft.com/technet/sec.../ms06-023.mspx). Security Update for Windows Media Player 9 for Windows 98 and Windows ME (KB917734) For more details see KB917734 "MS06-024: Vulnerability in Windows Media Player could allow remote code execution" (http://support.microsoft.com?kbid=917734) and Microsoft Security Bulletin MS06-024 (http://www.microsoft.com/technet/sec.../ms06-024.mspx). Patches were also released for Word 2000 & 2002 and PowerPoint 2000 & 2002. Word: KB917336 "MS06-027: Vulnerability in Microsoft Word could allow remote code execution" (http://support.microsoft.com/?kbid=917336) which has links to details of the patches for Word 2000 (KB917335) and Word 2002 (KB917335) PowerPoint: KB916768 "MS06-028: Vulnerability in Microsoft PowerPoint could allow remote code execution" (http://support.microsoft.com/?kbid=916768) which has links to details of the patches for PowerPoint 2000 (KB916520) and PowerPoint 2002 (KB916519) I am currently installing these individually and checking that none adversely effect my system. I will post back to this thread if I encounter any problems. To date I have installed all of the system patches and seen no ill effects. I would strongly advise all users of Win Me to install these patches. -- Mike Maltby MS-MVP Windows |
#2
|
|||
|
|||
Patch Tuesday
From: "Mike M"
| Microsoft today released a number of hotfixes for Win Me, quite possibly | the last. | | Patches released include: | Cumulative Security Update for Internet Explorer 6 Service Pack 1 | (KB916281) | For more details see KB916281 "MS06-021: Cumulative security update for | Internet Explorer" (http://support.microsoft.com?kbid=916281) and | Microsoft Security Bulletin MS06-021 | (http://www.microsoft.com/technet/sec.../ms06-021.mspx). | | Security Update for Internet Explorer 6 Service Pack 1 (KB918439) | For more details see KB918439 "MS06-022: Vulnerability in ART image | rendering could allow remote code execution" | (http://support.microsoft.com?kbid=918439) and Microsoft Security Bulletin | MS06-022 | (http://www.microsoft.com/technet/sec.../ms06-022.mspx). | | Security Update for Windows Millennium (KB918547) | For more details see KB918547 "MS06-026: Vulnerability in the Graphics | Rendering Engine could allow remote code execution" | (http://support.microsoft.com?kbid=918547) and Microsoft Security Bulletin | MS06-026 | (http://www.microsoft.com/technet/sec.../ms06-026.mspx). | | Security Update for Windows Millennium (KB917344) | For more details see KB917344 "MS06-023: Vulnerability in Microsoft | JScript could allow remote code execution " | (http://support.microsoft.com?kbid=917344) and Microsoft Security Bulletin | MS06-023 | (http://www.microsoft.com/technet/sec.../ms06-023.mspx). | | Security Update for Windows Media Player 9 for Windows 98 and Windows ME | (KB917734) | For more details see KB917734 "MS06-024: Vulnerability in Windows Media | Player could allow remote code execution" | (http://support.microsoft.com?kbid=917734) and Microsoft Security Bulletin | MS06-024 | (http://www.microsoft.com/technet/sec.../ms06-024.mspx). | | Patches were also released for Word 2000 & 2002 and PowerPoint 2000 & | 2002. | Word: KB917336 "MS06-027: Vulnerability in Microsoft Word could allow | remote code execution" (http://support.microsoft.com/?kbid=917336) which | has links to details of the patches for Word 2000 (KB917335) and Word 2002 | (KB917335) | | PowerPoint: KB916768 "MS06-028: Vulnerability in Microsoft PowerPoint | could allow remote code execution" | (http://support.microsoft.com/?kbid=916768) which has links to details of | the patches for PowerPoint 2000 (KB916520) and PowerPoint 2002 (KB916519) | | I am currently installing these individually and checking that none | adversely effect my system. I will post back to this thread if I | encounter any problems. To date I have installed all of the system | patches and seen no ill effects. I would strongly advise all users of Win | Me to install these patches. I installed them all. So far no side effects -- this time. This included a MDAC post SP1 update. I also installed the IE6 SP1 cumulative update AFTER I install all the other updates. BTW:.... -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA06-164A Microsoft Windows, Internet Explorer, Media Player, Word, PowerPoint, and Exchange Vulnerabilities Original release date: June 13, 2006 Last revised: -- Source: US-CERT Systems Affected * Microsoft Windows * Microsoft Windows Media Player * Microsoft Internet Explorer * Microsoft PowerPoint for Windows and Mac OS X * Microsoft Word for Windows * Microsoft Office * Microsoft Works Suite * Microsoft Exchange Server Outlook Web Access For more complete information, refer to the Microsoft Security Bulletin Summary for June 2006. Overview Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Word, PowerPoint, Media Player, Internet Explorer, and Exchange Server. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system. I. Description Microsoft Security Bulletin Summary for June 2006 addresses vulnerabilities in Microsoft Windows, Word, PowerPoint, Media Player, Internet Explorer, and Exchange Server. Further information is available in the following US-CERT Vulnerability Notes: VU#722753 - Microsoft IP Source Route Vulnerability A vulnerability in Microsoft Windows could allow a remote attacker to execute arbitrary code on a vulnerable system. (CVE-2006-2379) VU#446012 - Microsoft Word object pointer memory corruption vulnerability A memory corruption vulnerability in Microsoft Word could allow a remote attacker to execute arbitrary code with the privileges of the user running Word. (CVE-2006-2492) VU#190089 - Microsoft PowerPoint malformed record vulnerability Microsoft PowerPoint fails to properly handle malformed records. This may allow a remote attacker to execute arbitrary code on a vulnerable system. (CVE-2006-0022) VU#923236 - Microsoft Windows ART image handling buffer overflow Microsoft Windows ART image handling routines are vulnerable to a heap-based buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. (CVE-2006-2378) VU#390044 - Microsoft JScript memory corruption vulnerability Microsoft JScript contains a memory corruption vulnerability. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. (CVE-2006-1313) VU#338828 - Microsoft Internet Explorer exception handling vulnerability Microsoft Internet Explorer fails to properly handle exception conditions. This may allow a remote, unauthenticated attacker to execute arbitrary code. (CVE-2006-2218) VU#417585 - Microsoft DXImageTransform Light filter fails to validate input The Microsoft DXImageTransform Light COM object fails to validate input, which may allow a remote attacker to execute arbitrary code on a vulnerable system. (CVE-2006-2383) VU#959049 - Multiple COM objects cause memory corruption in Microsoft Internet Explorer Microsoft Internet Explorer (IE) allows instantiation of COM objects not designed for use in the browser, which may allow a remote attacker to execute arbitrary code or crash IE. (CVE-2006-2127) VU#136849 - Microsoft Internet Explorer UTF-8 decoding vulnerability Microsoft Internet Explorer fails to properly decode UTF-8 encoded HTML. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. (CVE-2006-2382) VU#909508 - Microsoft Graphics Rendering Engine fails to properly handle WMF images Microsoft Windows Graphics Rendering Engine contains a vulnerability that may allow a remote attacker to execute arbitrary code on a vulnerable system. (CVE-2006-2376) VU#608020 - Microsoft Windows Media Player PNG processing buffer overflow Microsoft Windows Media Player contains a stack-based buffer overflow vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. (CVE-2006-0025) VU#814644 - Microsoft Remote Access Connection Manager service vulnerable to buffer overflow A vulnerability in the Microsoft Remote Access Connection Manager may allow a remote attacker to execute arbitrary code on a vulnerable system. (CVE-2006-2371) VU#631516 - Microsoft Routing and Remote Access does not properly handle RPC requests There is a vulnerability in the Microsoft Windows Routing and Remote Access Service that could allow an attacker to take control of the affected system. (CVE-2006-2370) VU#138188 - Microsoft Outlook Web Access for Exchange Server script injection vulnerability A script injection vulnerability exists in Microsoft Exchange Server running Outlook Web Access. (CVE-2006-1193) In MS06-027 Microsoft has released updates for the Word vulnerability described in Technical Cyber Security Alert TA06-139A. II. Impact A remote, unauthenticated attacker could execute arbitrary code on a vulnerable system. An attacker may also be able to cause a denial of service. III. Solution Apply Updates Microsoft has provided updates for these vulnerabilities in the Security Bulletins. Microsoft Windows updates are available on the Microsoft Update site. Workarounds Please see the US-CERT Vulnerability Notes for workarounds. Appendix A. References * Microsoft Security Bulletin Summary for June 2006 - http://www.microsoft.com/technet/security/bulletin/ms06-jun.mspx * Technical Cyber Security Alert TA06-139A - http://www.us-cert.gov/cas/techalerts/TA06-139A.html * US-CERT Vulnerability Notes for Microsoft Updates for June 2006 - http://www.kb.cert.org/vuls/byid?searchview&query=ms06-june * US-CERT Vulnerability Note VU#446012 - http://www.kb.cert.org/vuls/id/446012 * US-CERT Vulnerability Note VU#190089 - http://www.kb.cert.org/vuls/id/190089 * US-CERT Vulnerability Note VU#923236 - http://www.kb.cert.org/vuls/id/923236 * US-CERT Vulnerability Note VU#390044 - http://www.kb.cert.org/vuls/id/390044 * US-CERT Vulnerability Note VU#338828 - http://www.kb.cert.org/vuls/id/338828 * US-CERT Vulnerability Note VU#417585 - http://www.kb.cert.org/vuls/id/417585 * US-CERT Vulnerability Note VU#136849 - http://www.kb.cert.org/vuls/id/136849 * US-CERT Vulnerability Note VU#909508 - http://www.kb.cert.org/vuls/id/909508 * US-CERT Vulnerability Note VU#722753 - http://www.kb.cert.org/vuls/id/722753 * US-CERT Vulnerability Note VU#959049 - http://www.kb.cert.org/vuls/id/959049 * US-CERT Vulnerability Note VU#138188 - http://www.kb.cert.org/vuls/id/138188 * US-CERT Vulnerability Note VU#608020 - http://www.kb.cert.org/vuls/id/608020 * US-CERT Vulnerability Note VU#814644 - http://www.kb.cert.org/vuls/id/814644 * US-CERT Vulnerability Note VU#631516 - http://www.kb.cert.org/vuls/id/631516 * CVE-2006-2492 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2492 * CVE-2006-0022 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0022 * CVE-2006-2378 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2378 * CVE-2006-1313 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1313 * CVE-2006-2218 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2218 * CVE-2006-2383 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2383 * CVE-2006-2127 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2127 * CVE-2006-2382 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2382 * CVE-2006-2376 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2376 * CVE-2006-2379 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2379 * CVE-2006-1193 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1193 * CVE-2006-0025 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0025 * CVE-2006-2371 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2371 * CVE-2006-2370 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2370 * Microsoft Update - https://update.microsoft.com/microsoftupdate * Securing Your Web Browser - http://www.us-cert.gov/reading_room/...r/#Internet_Ex plorer __________________________________________________ __________________ The most recent version of this document can be found at: http://www.us-cert.gov/cas/techalerts/TA06-164A.html __________________________________________________ __________________ Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA06-164A Feedback VU#390044" in the subject. __________________________________________________ __________________ For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html. __________________________________________________ __________________ Produced 2006 by US-CERT, a government organization. Terms of use: http://www.us-cert.gov/legal.html __________________________________________________ __________________ Revision History June 13, 2006: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBRI8+kn0pj593lg50AQKHOwgAvRyUSM1UUAm9rMCEqm qK2F7Nc0zmyBF/ LJQMV04M44DBzO/uAJvj1Bagsg1+eCQB9L86qL3WzKZev200gkYUki1xOJ/S7yv2 8K3ovQ9g2HFTuovw6tO2GE6EO5tWyGO0RjW4juEIe03vUF8rvk BzhQFjl4YCK7Lk J+O3eula74ZcDExuT/8tzbYmUnW2V5YB4n8THdZmwUcQBG8HgCiYBeA5Ne0Gs2/l FqcGY6/GcileVChU98p3GBQWp8B+WSUSxGSFEmRl4BnRhB0Me8/RmJt0+Bxs+RJP mokjmXu0dBFZUAMP0drS1ZBnhu8/s2jo0gvu5qoDmL4el5Y1Lj6bGA== =k+F0 -----END PGP SIGNATURE----- -- Dave http://www.claymania.com/removal-trojan-adware.html http://www.ik-cs.com/got-a-virus.htm |
#3
|
|||
|
|||
Patch Tuesday
Thanks Dave.
I'm likewise seeing no problems as a result of installing these patches but haven't tested all the possible scenarios regarding Office components. For example I have only installed the Office 2000 patches and even then not had the chance to test exhaustively. -- Mike David H. Lipman wrote: I installed them all. So far no side effects -- this time. This included a MDAC post SP1 update. I also installed the IE6 SP1 cumulative update AFTER I install all the other updates. BTW:.... -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA06-164A Microsoft Windows, Internet Explorer, Media Player, Word, PowerPoint, and Exchange Vulnerabilities Original release date: June 13, 2006 Last revised: -- Source: US-CERT Systems Affected * Microsoft Windows * Microsoft Windows Media Player * Microsoft Internet Explorer * Microsoft PowerPoint for Windows and Mac OS X * Microsoft Word for Windows * Microsoft Office * Microsoft Works Suite * Microsoft Exchange Server Outlook Web Access For more complete information, refer to the Microsoft Security Bulletin Summary for June 2006. Overview Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Word, PowerPoint, Media Player, Internet Explorer, and Exchange Server. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system. I. Description Microsoft Security Bulletin Summary for June 2006 addresses vulnerabilities in Microsoft Windows, Word, PowerPoint, Media Player, Internet Explorer, and Exchange Server. Further information is available in the following US-CERT Vulnerability Notes: VU#722753 - Microsoft IP Source Route Vulnerability A vulnerability in Microsoft Windows could allow a remote attacker to execute arbitrary code on a vulnerable system. (CVE-2006-2379) VU#446012 - Microsoft Word object pointer memory corruption vulnerability A memory corruption vulnerability in Microsoft Word could allow a remote attacker to execute arbitrary code with the privileges of the user running Word. (CVE-2006-2492) VU#190089 - Microsoft PowerPoint malformed record vulnerability Microsoft PowerPoint fails to properly handle malformed records. This may allow a remote attacker to execute arbitrary code on a vulnerable system. (CVE-2006-0022) VU#923236 - Microsoft Windows ART image handling buffer overflow Microsoft Windows ART image handling routines are vulnerable to a heap-based buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. (CVE-2006-2378) VU#390044 - Microsoft JScript memory corruption vulnerability Microsoft JScript contains a memory corruption vulnerability. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. (CVE-2006-1313) VU#338828 - Microsoft Internet Explorer exception handling vulnerability Microsoft Internet Explorer fails to properly handle exception conditions. This may allow a remote, unauthenticated attacker to execute arbitrary code. (CVE-2006-2218) VU#417585 - Microsoft DXImageTransform Light filter fails to validate input The Microsoft DXImageTransform Light COM object fails to validate input, which may allow a remote attacker to execute arbitrary code on a vulnerable system. (CVE-2006-2383) VU#959049 - Multiple COM objects cause memory corruption in Microsoft Internet Explorer Microsoft Internet Explorer (IE) allows instantiation of COM objects not designed for use in the browser, which may allow a remote attacker to execute arbitrary code or crash IE. (CVE-2006-2127) VU#136849 - Microsoft Internet Explorer UTF-8 decoding vulnerability Microsoft Internet Explorer fails to properly decode UTF-8 encoded HTML. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. (CVE-2006-2382) VU#909508 - Microsoft Graphics Rendering Engine fails to properly handle WMF images Microsoft Windows Graphics Rendering Engine contains a vulnerability that may allow a remote attacker to execute arbitrary code on a vulnerable system. (CVE-2006-2376) VU#608020 - Microsoft Windows Media Player PNG processing buffer overflow Microsoft Windows Media Player contains a stack-based buffer overflow vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. (CVE-2006-0025) VU#814644 - Microsoft Remote Access Connection Manager service vulnerable to buffer overflow A vulnerability in the Microsoft Remote Access Connection Manager may allow a remote attacker to execute arbitrary code on a vulnerable system. (CVE-2006-2371) VU#631516 - Microsoft Routing and Remote Access does not properly handle RPC requests There is a vulnerability in the Microsoft Windows Routing and Remote Access Service that could allow an attacker to take control of the affected system. (CVE-2006-2370) VU#138188 - Microsoft Outlook Web Access for Exchange Server script injection vulnerability A script injection vulnerability exists in Microsoft Exchange Server running Outlook Web Access. (CVE-2006-1193) In MS06-027 Microsoft has released updates for the Word vulnerability described in Technical Cyber Security Alert TA06-139A. II. Impact A remote, unauthenticated attacker could execute arbitrary code on a vulnerable system. An attacker may also be able to cause a denial of service. III. Solution Apply Updates Microsoft has provided updates for these vulnerabilities in the Security Bulletins. Microsoft Windows updates are available on the Microsoft Update site. Workarounds Please see the US-CERT Vulnerability Notes for workarounds. Appendix A. References * Microsoft Security Bulletin Summary for June 2006 - http://www.microsoft.com/technet/security/bulletin/ms06-jun.mspx * Technical Cyber Security Alert TA06-139A - http://www.us-cert.gov/cas/techalerts/TA06-139A.html * US-CERT Vulnerability Notes for Microsoft Updates for June 2006 - http://www.kb.cert.org/vuls/byid?searchview&query=ms06-june * US-CERT Vulnerability Note VU#446012 - http://www.kb.cert.org/vuls/id/446012 * US-CERT Vulnerability Note VU#190089 - http://www.kb.cert.org/vuls/id/190089 * US-CERT Vulnerability Note VU#923236 - http://www.kb.cert.org/vuls/id/923236 * US-CERT Vulnerability Note VU#390044 - http://www.kb.cert.org/vuls/id/390044 * US-CERT Vulnerability Note VU#338828 - http://www.kb.cert.org/vuls/id/338828 * US-CERT Vulnerability Note VU#417585 - http://www.kb.cert.org/vuls/id/417585 * US-CERT Vulnerability Note VU#136849 - http://www.kb.cert.org/vuls/id/136849 * US-CERT Vulnerability Note VU#909508 - http://www.kb.cert.org/vuls/id/909508 * US-CERT Vulnerability Note VU#722753 - http://www.kb.cert.org/vuls/id/722753 * US-CERT Vulnerability Note VU#959049 - http://www.kb.cert.org/vuls/id/959049 * US-CERT Vulnerability Note VU#138188 - http://www.kb.cert.org/vuls/id/138188 * US-CERT Vulnerability Note VU#608020 - http://www.kb.cert.org/vuls/id/608020 * US-CERT Vulnerability Note VU#814644 - http://www.kb.cert.org/vuls/id/814644 * US-CERT Vulnerability Note VU#631516 - http://www.kb.cert.org/vuls/id/631516 * CVE-2006-2492 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2492 * CVE-2006-0022 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0022 * CVE-2006-2378 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2378 * CVE-2006-1313 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1313 * CVE-2006-2218 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2218 * CVE-2006-2383 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2383 * CVE-2006-2127 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2127 * CVE-2006-2382 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2382 * CVE-2006-2376 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2376 * CVE-2006-2379 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2379 * CVE-2006-1193 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1193 * CVE-2006-0025 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0025 * CVE-2006-2371 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2371 * CVE-2006-2370 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2370 * Microsoft Update - https://update.microsoft.com/microsoftupdate * Securing Your Web Browser - http://www.us-cert.gov/reading_room/...r/#Internet_Ex plorer __________________________________________________ __________________ The most recent version of this document can be found at: http://www.us-cert.gov/cas/techalerts/TA06-164A.html __________________________________________________ __________________ Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA06-164A Feedback VU#390044" in the subject. __________________________________________________ __________________ For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html. __________________________________________________ __________________ Produced 2006 by US-CERT, a government organization. Terms of use: http://www.us-cert.gov/legal.html __________________________________________________ __________________ Revision History June 13, 2006: Initial release |
#4
|
|||
|
|||
Patch Tuesday
Hello!
I'm experiencing some issues installing the KB918547 (MS06-026) patch on ME systems. Does anyone know if it requires a specific version of IE or something else? I have been able to install it on ME machines with IE 6 so far, but not IE 5.5. Anne |
#5
|
|||
|
|||
Patch Tuesday
IE 5.5 is NOT supported in any way by MS at this time - you will have to
upgrade to IE6 SP1 -- Noel Paton (MS-MVP 2002-2006, Windows) Nil Carborundum Illegitemi http://www.crashfixpc.com/millsrpch.htm http://tinyurl.com/6oztj Please read http://dts-l.org/goodpost.htm on how to post messages to NG's "anne" wrote in message oups.com... Hello! I'm experiencing some issues installing the KB918547 (MS06-026) patch on ME systems. Does anyone know if it requires a specific version of IE or something else? I have been able to install it on ME machines with IE 6 so far, but not IE 5.5. Anne |
#6
|
|||
|
|||
Patch Tuesday
Anne,
There does indeed to be something odd about the KB918547 (MS06-026) patch. Whilst IE5.5 as such has been unsupported since the end of 2005, the last patch being the cumulative update for IE5.5 released in December 2005, the KB918547 hotfix is one of three patches offered to a Win Me system running IE5.5 (the others being IE6 SP1 and 917344 [MS06-024]) however despite being offered by the Windows Update site it will not install. The reason being that this patch is for IE6 SP1 and is being offered in error by the WU site to those still running IE5.5 I have notified Microsoft of this problem. I would however like to stress that no machine should still be running IE5.5 if used to access the net and that you should as a matter or urgency update all such PCs to IE6 SP1. -- Mike Maltby MS-MVP Windows [2001-2006] anne wrote: Hello! I'm experiencing some issues installing the KB918547 (MS06-026) patch on ME systems. Does anyone know if it requires a specific version of IE or something else? I have been able to install it on ME machines with IE 6 so far, but not IE 5.5. |
#7
|
|||
|
|||
Patch Tuesday
Interesting, Mike!
I just fired up a new ME (VPC) install - and 888113 also refuses to install. Both patches are positioned in TechNet and WU as OS updates rather than as IE updates, so should be IE version independent?? -- Noel Paton (MS-MVP 2002-2006, Windows) Nil Carborundum Illegitemi http://www.crashfixpc.com/millsrpch.htm http://tinyurl.com/6oztj Please read http://dts-l.org/goodpost.htm on how to post messages to NG's "Mike M" wrote in message ... Anne, There does indeed to be something odd about the KB918547 (MS06-026) patch. Whilst IE5.5 as such has been unsupported since the end of 2005, the last patch being the cumulative update for IE5.5 released in December 2005, the KB918547 hotfix is one of three patches offered to a Win Me system running IE5.5 (the others being IE6 SP1 and 917344 [MS06-024]) however despite being offered by the Windows Update site it will not install. The reason being that this patch is for IE6 SP1 and is being offered in error by the WU site to those still running IE5.5 I have notified Microsoft of this problem. I would however like to stress that no machine should still be running IE5.5 if used to access the net and that you should as a matter or urgency update all such PCs to IE6 SP1. -- Mike Maltby MS-MVP Windows [2001-2006] anne wrote: Hello! I'm experiencing some issues installing the KB918547 (MS06-026) patch on ME systems. Does anyone know if it requires a specific version of IE or something else? I have been able to install it on ME machines with IE 6 so far, but not IE 5.5. |
#9
|
|||
|
|||
Patch Tuesday
Noel,
Installs manually without problems on IE5.5 SP2 but not IE5.5 RTM as in a clean Win Me. See e-mail. -- Mike Noel Paton wrote: Interesting, Mike! I just fired up a new ME (VPC) install - and 888113 also refuses to install. Both patches are positioned in TechNet and WU as OS updates rather than as IE updates, so should be IE version independent?? |
#10
|
|||
|
|||
Patch Tuesday
The 98 version of the same patch will also NOT install on IE 5.0 on 98.
Both the 98 and ME patches seem to install fine on IE 6 (no service pack), and the message that pops up when trying to apply these patches on IE 5.x machines states that the machine does not have the right version of Internet Explorer, so it must somehow be a requirement. Anne |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Microsoft Can't Patch Flaw in Windows 98, ME. Last Patch Tuesday dead ahead. | Cymbal Man Freq. | General | 7 | June 15th 06 09:06 AM |
Patch Confusion | Roger Fink | General | 26 | January 15th 06 10:58 PM |
Microsoft patch for WMF flaw -- WinME not covered??? | Dave Boland | General | 17 | January 10th 06 12:17 AM |
It's PATCH TUESDAY | Gary S. Terhune | General | 83 | October 28th 05 12:43 AM |
Win 98 Patch Bundle | Gilgamesh | General | 3 | May 1st 05 06:36 PM |