891711/MS05-002 Updated (fixed) for Win9x

From: "PA Bear"

| [Crossposted to Security, Security.Homeusers, Win98 General, WinME General,
| Win98 Windows Update, and Windows Update newsgroups for maximum exposure.
| Please eliminate needless crossposting when replying to this message.]
| | Microsoft Security Bulletin MS05-002: Vulnerability in Cursor and Icon
| played a major role in getting them fixed.
|

snip

| AFAIK KB891711 should no longer load at Startup and display as a running
| Process.
| --
| ~Robear Dyer (PA Bear)
| MS MVP-Windows (Shell, IE/OE) & Security

Thank You Robear !

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

I just uninstalled KB891711 through Add/Remove Programs (which had
been unchecked) and downloaded and installed today's KB891711. I
rebooted and immediately checked the task list. While KB891711 wasn't
listed, Tsc was. What is Tsc? I checked it in Google, and can't find
it. But Tsc wasn't in my task list until this update.

Beth

On Tue, 12 Apr 2005 23:20:34 +0100, "Mike M"
wrote:

Gary S. Terhune wrote:

Reading a dslreports.com thread, I notice a report that says that
while the new KB891711 doesn't show when you press Ctrl-Alt-Del, it
does show as a running process by End-It-All.

Is that the post you're referring to, Steve? Can anyone else confirm?
cf. http://www.broadbandreports.com/forum/remark,13151929

As a running service it will be seen using a utility such as End-It-All or
any decent process viewer - even the aged WinTop. What is no longer seen
is an entry in the Win 9x Ctrl-Alt-Del Close Program window as KB891711 is
no longer being launched from the
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ru n key but instead, and
more correctly, from the RunServices key.

Run MSCONFIG and look in the Startup tab for anything that mentions TSC.

I find a few things that might run as TSC, like this, for instance:
http://www.childhooddiseases.org/community_tsc.html

Or, perhaps it's "Terminal Services Client" which lets you log in to a
Windows NT/2000/XP system from a remote location. If you don't know why
that might be there, suspect malware. I can't see it being any part of
KB891711, though.

Or, it might be Trend Micro's "Trend SysClean", perhaps?

--
Gary S. Terhune
MS MVP Shell/User
http://www.grystmill.com/articles/cleanboot.htm
http://www.grystmill.com/articles/security.htm

"Elizabeth" wrote in message
...
I just uninstalled KB891711 through Add/Remove Programs (which had
been unchecked) and downloaded and installed today's KB891711. I
rebooted and immediately checked the task list. While KB891711 wasn't
listed, Tsc was. What is Tsc? I checked it in Google, and can't find
it. But Tsc wasn't in my task list until this update.

Beth

On Tue, 12 Apr 2005 23:20:34 +0100, "Mike M"
wrote:

Gary S. Terhune wrote:

Reading a dslreports.com thread, I notice a report that says that
while the new KB891711 doesn't show when you press Ctrl-Alt-Del, it
does show as a running process by End-It-All.

Is that the post you're referring to, Steve? Can anyone else
confirm?
cf. http://www.broadbandreports.com/forum/remark,13151929

As a running service it will be seen using a utility such as
End-It-All or
any decent process viewer - even the aged WinTop. What is no longer
seen
is an entry in the Win 9x Ctrl-Alt-Del Close Program window as
KB891711 is
no longer being launched from the
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ru n key but instead,
and
more correctly, from the RunServices key.

[Non-Win98 newsgroups eliminated from crosspost]

Taking the write-up at face value, Len, I'd install 891711 on top of what
you've got now.

We don't know what manual fixes MS had you perform yesterday. For all we
know, today's release might include some last-minute additions to what you
did manually. (None of us had any notice that 891711 was going to be
re-released today.) I suppose you might call 1-866-PCSAFETY again about
this but unfortunately I'm not sure you'd get anybody on the other end who'd
be able to give you an informed, straight answer.

Should something go amiss after installing 891711, a 'Scanreg /restore'
should be able to "undo" things. In such a scenario, choose a boot
post-dating the manual changes you made under the MS tech's direction.

890923 is an unrelated, Cumulative Security Update for IE6 SP1.
--
~PA Bear

Leonard F Kiesling wrote:
pa, i don't know where to post. but i followed your lead in win update
site. thanks for all this info!

yesterday, 4-11-05, microsoft walked me thru a removal process in the
registry, & deleted the bad executable file. after reading thru recent
posts, my thinking is to uninstall the kb891711 update, & use the windows
site to install the updated version.

as i'm writing this, my auto update popped up. went to WU site. says i
need kb890923 & kb891711. should i uninstall the old kb891711 thru add
remove? & then install these 2 from WU?

thanks for all your help! len kiesling

"PA Bear" wrote in message
...
[Crossposted to Security, Security.Homeusers, Win98 General, WinME
General, Win98 Windows Update, and Windows Update newsgroups for
maximum exposure. Please eliminate needless crossposting when replying
to this message.]

Microsoft Security Bulletin MS05-002: Vulnerability in Cursor and Icon
Format Handling Could Allow Remote Code Execution (891711):
http://www.microsoft.com/technet/Sec.../ms05-002.mspx

quote
Why was this security bulletin updated on April 12, 2005?

After the release of the MS05-002 security bulletin, Microsoft became
aware of an issue affecting customers deploying the Windows 98, 98SE
and ME security update. In most cases, the issue caused machines to
unexpectedly restart.

Microsoft has investigated this issue and has made available revised
security updates for these platforms. These revised security updates are
available from Windows Update and the Microsoft Download Center.
Customers who have not yet applied the original version of these
updates should visit Windows Update to receive the revised updates.

[NB:] Customers who have already applied the original Windows 98, 98SE
and ME security update are advised to install the current revision of
the update from Windows Update.

snip

Are Windows 98, Windows 98 Second Edition, or Windows Millennium Edition
critically affected by any of the vulnerabilities that are addressed in
this security bulletin?

Yes. Windows 98, Windows 98 Second Edition, and Windows Millennium
Edition are critically affected by this vulnerability. A Critical
security update for these platforms is available and is provided as
part of this security bulletin and can be downloaded /only/ from the
Windows Update Web site. [Emphasis added]
/quote

Thanks to all those who called MS at 1-866-PCSAFETY about the bug in
891711 as released in Feb-05. Your documentation of the problems
caused by 891711 played a major role in getting them fixed.

AFAIK KB891711 should no longer load at Startup and display as a running
Process.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (Shell, IE/OE) & Security

As others have said, KB891711.exe is out of Ctrl-Alt-Del, but STILL in
MSInfo32, Software Environment, Running Tasks. It appears to be working.
I did completely uninstall the bad one first, even deleting the empty
folder it left behind. That folder is now back with the same two files
back in it. Everything is back.

Seems to be working! No BSOD! Please convey my deep appreciation to that
[MSFT] guy, Jerry Bryant. And give him a hearty handshake!


--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR

"PA Bear" wrote in message
...
| [Crossposted to Security, Security.Homeusers, Win98 General, WinME
General,
| Win98 Windows Update, and Windows Update newsgroups for maximum
exposure.
| Please eliminate needless crossposting when replying to this message.]
|
| Microsoft Security Bulletin MS05-002: Vulnerability in Cursor and Icon
| Format Handling Could Allow Remote Code Execution (891711):
| http://www.microsoft.com/technet/Sec.../ms05-002.mspx
|
| quote
| Why was this security bulletin updated on April 12, 2005?
|
| After the release of the MS05-002 security bulletin, Microsoft became
aware
| of an issue affecting customers deploying the Windows 98, 98SE and ME
| security update. In most cases, the issue caused machines to
unexpectedly
| restart.
|
| Microsoft has investigated this issue and has made available revised
| security updates for these platforms. These revised security updates
are
| available from Windows Update and the Microsoft Download Center.
Customers
| who have not yet applied the original version of these updates should
visit
| Windows Update to receive the revised updates.
|
| [NB:] Customers who have already applied the original Windows 98, 98SE
and
| ME security update are advised to install the current revision of the
update
| from Windows Update.
|
| snip
|
| Are Windows 98, Windows 98 Second Edition, or Windows Millennium
Edition
| critically affected by any of the vulnerabilities that are addressed
in this
| security bulletin?
|
| Yes. Windows 98, Windows 98 Second Edition, and Windows Millennium
Edition
| are critically affected by this vulnerability. A Critical security
update
| for these platforms is available and is provided as part of this
security
| bulletin and can be downloaded /only/ from the Windows Update Web
site.
| [Emphasis added]
| /quote
|
| Thanks to all those who called MS at 1-866-PCSAFETY about the bug in
891711
| as released in Feb-05. Your documentation of the problems caused by
891711
| played a major role in getting them fixed.
|
| AFAIK KB891711 should no longer load at Startup and display as a
running
| Process.
| --
| ~Robear Dyer (PA Bear)
| MS MVP-Windows (Shell, IE/OE) & Security
|

pa
thanks for reply! there were a few deletions of registry sub folders, & not
individual values as viewed in the right pane of regedit. they were (to the
best of my memory) Run- RunServices- windows- they all had the minus
sign as viewed. i DO recall the minus signs, & Run- was definately the first
deletion. don't recall the start of the paths.

after changes were made on machine yesterday, 4-11, i turned it off. on
today, 4-12 & still running. will the changed scanreg /restore be of 4-11's
date?

also my thinking was to uninstall the old first, as others have. your
direction is clear to leave old one installed. i may call the pcsafety #
anyway. if i do, i'll gladly post info! i have always appreciated your
help!!!
thanks, len kiesling




"PA Bear" wrote in message
...
[Non-Win98 newsgroups eliminated from crosspost]

Taking the write-up at face value, Len, I'd install 891711 on top of what
you've got now.

We don't know what manual fixes MS had you perform yesterday. For all we
know, today's release might include some last-minute additions to what you
did manually. (None of us had any notice that 891711 was going to be
re-released today.) I suppose you might call 1-866-PCSAFETY again about
this but unfortunately I'm not sure you'd get anybody on the other end
who'd
be able to give you an informed, straight answer.

Should something go amiss after installing 891711, a 'Scanreg /restore'
should be able to "undo" things. In such a scenario, choose a boot
post-dating the manual changes you made under the MS tech's direction.

890923 is an unrelated, Cumulative Security Update for IE6 SP1.
--
~PA Bear

Leonard F Kiesling wrote:
pa, i don't know where to post. but i followed your lead in win update
site. thanks for all this info!

yesterday, 4-11-05, microsoft walked me thru a removal process in the
registry, & deleted the bad executable file. after reading thru recent
posts, my thinking is to uninstall the kb891711 update, & use the
windows
site to install the updated version.

as i'm writing this, my auto update popped up. went to WU site. says i
need kb890923 & kb891711. should i uninstall the old kb891711 thru add
remove? & then install these 2 from WU?

thanks for all your help! len kiesling

"PA Bear" wrote in message
...
[Crossposted to Security, Security.Homeusers, Win98 General, WinME
General, Win98 Windows Update, and Windows Update newsgroups for
maximum exposure. Please eliminate needless crossposting when replying
to this message.]

Microsoft Security Bulletin MS05-002: Vulnerability in Cursor and Icon
Format Handling Could Allow Remote Code Execution (891711):
http://www.microsoft.com/technet/Sec.../ms05-002.mspx

quote
Why was this security bulletin updated on April 12, 2005?

After the release of the MS05-002 security bulletin, Microsoft became
aware of an issue affecting customers deploying the Windows 98, 98SE
and ME security update. In most cases, the issue caused machines to
unexpectedly restart.

Microsoft has investigated this issue and has made available revised
security updates for these platforms. These revised security updates
are
available from Windows Update and the Microsoft Download Center.
Customers who have not yet applied the original version of these
updates should visit Windows Update to receive the revised updates.

[NB:] Customers who have already applied the original Windows 98, 98SE
and ME security update are advised to install the current revision of
the update from Windows Update.

snip

Are Windows 98, Windows 98 Second Edition, or Windows Millennium
Edition
critically affected by any of the vulnerabilities that are addressed
in
this security bulletin?

Yes. Windows 98, Windows 98 Second Edition, and Windows Millennium
Edition are critically affected by this vulnerability. A Critical
security update for these platforms is available and is provided as
part of this security bulletin and can be downloaded /only/ from the
Windows Update Web site. [Emphasis added]
/quote

Thanks to all those who called MS at 1-866-PCSAFETY about the bug in
891711 as released in Feb-05. Your documentation of the problems
caused by 891711 played a major role in getting them fixed.

AFAIK KB891711 should no longer load at Startup and display as a
running
Process.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (Shell, IE/OE) & Security

The most recent backup Registry for your system *should* have been
created during the first boot today. HTH.

I don't think it makes any difference whether you uninstall the old
version before installing the new one, with one caveat: If you disabled
the old KB891711 using MSCONFIG, before uninstalling it or before
over-installing the new version, then that disabled item will remain in
MSCONFIG as a disabled item. Such items (disabled ones) are found in
Registry Keys like Run-, RunServices-, or "Disabled Startup Items"
folder in the Start\Programs menu.

--
Gary S. Terhune
MS MVP Shell/User
http://www.grystmill.com/articles/cleanboot.htm
http://www.grystmill.com/articles/security.htm

"Leonard F Kiesling" wrote in
message ...
pa
thanks for reply! there were a few deletions of registry sub folders,
& not
individual values as viewed in the right pane of regedit. they were
(to the
best of my memory) Run- RunServices- windows- they all had the
minus
sign as viewed. i DO recall the minus signs, & Run- was definately the
first
deletion. don't recall the start of the paths.

after changes were made on machine yesterday, 4-11, i turned it off.
on
today, 4-12 & still running. will the changed scanreg /restore be of
4-11's
date?

also my thinking was to uninstall the old first, as others have. your
direction is clear to leave old one installed. i may call the pcsafety
#
anyway. if i do, i'll gladly post info! i have always appreciated your
help!!!
thanks, len kiesling




"PA Bear" wrote in message
...
[Non-Win98 newsgroups eliminated from crosspost]

Taking the write-up at face value, Len, I'd install 891711 on top of
what
you've got now.

We don't know what manual fixes MS had you perform yesterday. For
all we
know, today's release might include some last-minute additions to
what you
did manually. (None of us had any notice that 891711 was going to
be
re-released today.) I suppose you might call 1-866-PCSAFETY again
about
this but unfortunately I'm not sure you'd get anybody on the other
end
who'd
be able to give you an informed, straight answer.

Should something go amiss after installing 891711, a 'Scanreg
/restore'
should be able to "undo" things. In such a scenario, choose a boot
post-dating the manual changes you made under the MS tech's
direction.

890923 is an unrelated, Cumulative Security Update for IE6 SP1.
--
~PA Bear

Leonard F Kiesling wrote:
pa, i don't know where to post. but i followed your lead in win
update
site. thanks for all this info!

yesterday, 4-11-05, microsoft walked me thru a removal process in
the
registry, & deleted the bad executable file. after reading thru
recent
posts, my thinking is to uninstall the kb891711 update, & use the
windows
site to install the updated version.

as i'm writing this, my auto update popped up. went to WU site.
says i
need kb890923 & kb891711. should i uninstall the old kb891711 thru
add
remove? & then install these 2 from WU?

thanks for all your help! len kiesling

"PA Bear" wrote in message
...
[Crossposted to Security, Security.Homeusers, Win98 General,
WinME
General, Win98 Windows Update, and Windows Update newsgroups for
maximum exposure. Please eliminate needless crossposting when
replying
to this message.]

Microsoft Security Bulletin MS05-002: Vulnerability in Cursor
and Icon
Format Handling Could Allow Remote Code Execution (891711):
http://www.microsoft.com/technet/Sec.../ms05-002.mspx

quote
Why was this security bulletin updated on April 12, 2005?

After the release of the MS05-002 security bulletin, Microsoft
became
aware of an issue affecting customers deploying the Windows 98,
98SE
and ME security update. In most cases, the issue caused machines
to
unexpectedly restart.

Microsoft has investigated this issue and has made available
revised
security updates for these platforms. These revised security
updates
are
available from Windows Update and the Microsoft Download Center.
Customers who have not yet applied the original version of these
updates should visit Windows Update to receive the revised
updates.

[NB:] Customers who have already applied the original Windows
98, 98SE
and ME security update are advised to install the current
revision of
the update from Windows Update.

snip

Are Windows 98, Windows 98 Second Edition, or Windows Millennium
Edition
critically affected by any of the vulnerabilities that are
addressed
in
this security bulletin?

Yes. Windows 98, Windows 98 Second Edition, and Windows
Millennium
Edition are critically affected by this vulnerability. A
Critical
security update for these platforms is available and is provided
as
part of this security bulletin and can be downloaded /only/ from
the
Windows Update Web site. [Emphasis added]
/quote

Thanks to all those who called MS at 1-866-PCSAFETY about the
bug in
891711 as released in Feb-05. Your documentation of the
problems
caused by 891711 played a major role in getting them fixed.

AFAIK KB891711 should no longer load at Startup and display as a
running
Process.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (Shell, IE/OE) & Security

after changes were made on machine yesterday, 4-11, i turned it off. on
today, 4-12 & still running. will the changed scanreg /restore be of
4-11's date?

The Safe Boot dated today will not include any changes to the Registry made
after booting today.

The Safe Boot dated yesterday will not include any changes to the Registry
made after booting yesterday.

also my thinking was to uninstall the old first, as others have.

That'd be my thinking, too, but "when in doubt, read the directions." eg
[G'wan, see if it works!]
--
~PAÞ


Leonard F Kiesling wrote:
pa
thanks for reply! there were a few deletions of registry sub folders, &
not individual values as viewed in the right pane of regedit. they were
(to the best of my memory) Run- RunServices- windows- they all had
the minus sign as viewed. i DO recall the minus signs, & Run- was
definately the first deletion. don't recall the start of the paths.

after changes were made on machine yesterday, 4-11, i turned it off. on
today, 4-12 & still running. will the changed scanreg /restore be of
4-11's date?

also my thinking was to uninstall the old first, as others have. your
direction is clear to leave old one installed. i may call the pcsafety #
anyway. if i do, i'll gladly post info! i have always appreciated your
help!!!
thanks, len kiesling




"PA Bear" wrote in message
...
[Non-Win98 newsgroups eliminated from crosspost]

Taking the write-up at face value, Len, I'd install 891711 on top of
what you've got now.

We don't know what manual fixes MS had you perform yesterday. For all
we know, today's release might include some last-minute additions to
what you did manually. (None of us had any notice that 891711 was
going to be re-released today.) I suppose you might call
1-866-PCSAFETY again about this but unfortunately I'm not sure you'd
get anybody on the other end who'd be able to give you an informed,
straight answer.

Should something go amiss after installing 891711, a 'Scanreg /restore'
should be able to "undo" things. In such a scenario, choose a boot
post-dating the manual changes you made under the MS tech's direction.

890923 is an unrelated, Cumulative Security Update for IE6 SP1.
--
~PA Bear

Leonard F Kiesling wrote:
pa, i don't know where to post. but i followed your lead in win update
site. thanks for all this info!

yesterday, 4-11-05, microsoft walked me thru a removal process in the
registry, & deleted the bad executable file. after reading thru recent
posts, my thinking is to uninstall the kb891711 update, & use the
windows site to install the updated version.

as i'm writing this, my auto update popped up. went to WU site. says i
need kb890923 & kb891711. should i uninstall the old kb891711 thru add
remove? & then install these 2 from WU?

thanks for all your help! len kiesling

"PA Bear" wrote in message
...
[Crossposted to Security, Security.Homeusers, Win98 General, WinME
General, Win98 Windows Update, and Windows Update newsgroups for
maximum exposure. Please eliminate needless crossposting when
replying to this message.]

Microsoft Security Bulletin MS05-002: Vulnerability in Cursor and
Icon Format Handling Could Allow Remote Code Execution (891711):
http://www.microsoft.com/technet/Sec.../ms05-002.mspx

quote
Why was this security bulletin updated on April 12, 2005?

After the release of the MS05-002 security bulletin, Microsoft
became aware of an issue affecting customers deploying the Windows
98, 98SE and ME security update. In most cases, the issue caused
machines to unexpectedly restart.

Microsoft has investigated this issue and has made available revised
security updates for these platforms. These revised security
updates are available from Windows Update and the Microsoft
Download Center. Customers who have not yet applied the original
version of these updates should visit Windows Update to receive the
revised updates.

[NB:] Customers who have already applied the original Windows 98,
98SE and ME security update are advised to install the current
revision of the update from Windows Update.

snip

Are Windows 98, Windows 98 Second Edition, or Windows Millennium
Edition critically affected by any of the vulnerabilities that are
addressed in this security bulletin?

Yes. Windows 98, Windows 98 Second Edition, and Windows Millennium
Edition are critically affected by this vulnerability. A Critical
security update for these platforms is available and is provided as
part of this security bulletin and can be downloaded /only/ from the
Windows Update Web site. [Emphasis added]
/quote

Thanks to all those who called MS at 1-866-PCSAFETY about the bug in
891711 as released in Feb-05. Your documentation of the problems
caused by 891711 played a major role in getting them fixed.

AFAIK KB891711 should no longer load at Startup and display as a
running Process.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (Shell, IE/OE) & Security

thank you all! after i deleted the run- & other folders from registry, i
noticed some of my items listed on msconfig start up were gone. i had also
"remembered the change" check box in spy bot; its advisory screens kept
viewing. what if i just went back scanreg /restore to BEFORE i deleted the
registry entries, & start fresh?
thank you, len kiesling

"PA Bear" wrote in message
...
after changes were made on machine yesterday, 4-11, i turned it off. on
today, 4-12 & still running. will the changed scanreg /restore be of
4-11's date?

The Safe Boot dated today will not include any changes to the Registry
made
after booting today.

The Safe Boot dated yesterday will not include any changes to the Registry
made after booting yesterday.

also my thinking was to uninstall the old first, as others have.

That'd be my thinking, too, but "when in doubt, read the directions."
eg
[G'wan, see if it works!]
--
~PAÞ


Leonard F Kiesling wrote:
pa
thanks for reply! there were a few deletions of registry sub folders, &
not individual values as viewed in the right pane of regedit. they were
(to the best of my memory) Run- RunServices- windows- they all had
the minus sign as viewed. i DO recall the minus signs, & Run- was
definately the first deletion. don't recall the start of the paths.

after changes were made on machine yesterday, 4-11, i turned it off. on
today, 4-12 & still running. will the changed scanreg /restore be of
4-11's date?

also my thinking was to uninstall the old first, as others have. your
direction is clear to leave old one installed. i may call the pcsafety #
anyway. if i do, i'll gladly post info! i have always appreciated your
help!!!
thanks, len kiesling




"PA Bear" wrote in message
...
[Non-Win98 newsgroups eliminated from crosspost]

Taking the write-up at face value, Len, I'd install 891711 on top of
what you've got now.

We don't know what manual fixes MS had you perform yesterday. For all
we know, today's release might include some last-minute additions to
what you did manually. (None of us had any notice that 891711 was
going to be re-released today.) I suppose you might call
1-866-PCSAFETY again about this but unfortunately I'm not sure you'd
get anybody on the other end who'd be able to give you an informed,
straight answer.

Should something go amiss after installing 891711, a 'Scanreg
/restore'
should be able to "undo" things. In such a scenario, choose a boot
post-dating the manual changes you made under the MS tech's direction.

890923 is an unrelated, Cumulative Security Update for IE6 SP1.
--
~PA Bear

Leonard F Kiesling wrote:
pa, i don't know where to post. but i followed your lead in win
update
site. thanks for all this info!

yesterday, 4-11-05, microsoft walked me thru a removal process in
the
registry, & deleted the bad executable file. after reading thru
recent
posts, my thinking is to uninstall the kb891711 update, & use the
windows site to install the updated version.

as i'm writing this, my auto update popped up. went to WU site. says
i
need kb890923 & kb891711. should i uninstall the old kb891711 thru
add
remove? & then install these 2 from WU?

thanks for all your help! len kiesling

"PA Bear" wrote in message
...
[Crossposted to Security, Security.Homeusers, Win98 General, WinME
General, Win98 Windows Update, and Windows Update newsgroups for
maximum exposure. Please eliminate needless crossposting when
replying to this message.]

Microsoft Security Bulletin MS05-002: Vulnerability in Cursor and
Icon Format Handling Could Allow Remote Code Execution (891711):
http://www.microsoft.com/technet/Sec.../ms05-002.mspx

quote
Why was this security bulletin updated on April 12, 2005?

After the release of the MS05-002 security bulletin, Microsoft
became aware of an issue affecting customers deploying the Windows
98, 98SE and ME security update. In most cases, the issue caused
machines to unexpectedly restart.

Microsoft has investigated this issue and has made available
revised
security updates for these platforms. These revised security
updates are available from Windows Update and the Microsoft
Download Center. Customers who have not yet applied the original
version of these updates should visit Windows Update to receive
the
revised updates.

[NB:] Customers who have already applied the original Windows 98,
98SE and ME security update are advised to install the current
revision of the update from Windows Update.

snip

Are Windows 98, Windows 98 Second Edition, or Windows Millennium
Edition critically affected by any of the vulnerabilities that are
addressed in this security bulletin?

Yes. Windows 98, Windows 98 Second Edition, and Windows Millennium
Edition are critically affected by this vulnerability. A Critical
security update for these platforms is available and is provided
as
part of this security bulletin and can be downloaded /only/ from
the
Windows Update Web site. [Emphasis added]
/quote

Thanks to all those who called MS at 1-866-PCSAFETY about the bug
in
891711 as released in Feb-05. Your documentation of the problems
caused by 891711 played a major role in getting them fixed.

AFAIK KB891711 should no longer load at Startup and display as a
running Process.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (Shell, IE/OE) & Security

Tsc didn't come in with mine. It must be as Terhune is saying.


--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR

"Elizabeth" wrote in message
...
| I just uninstalled KB891711 through Add/Remove Programs (which had
| been unchecked) and downloaded and installed today's KB891711. I
| rebooted and immediately checked the task list. While KB891711 wasn't
| listed, Tsc was. What is Tsc? I checked it in Google, and can't find
| it. But Tsc wasn't in my task list until this update.
|
| Beth
|
| On Tue, 12 Apr 2005 23:20:34 +0100, "Mike M"
| wrote:
|
| Gary S. Terhune wrote:
|
| Reading a dslreports.com thread, I notice a report that says that
| while the new KB891711 doesn't show when you press Ctrl-Alt-Del, it
| does show as a running process by End-It-All.
|
| Is that the post you're referring to, Steve? Can anyone else
confirm?
| cf. http://www.broadbandreports.com/forum/remark,13151929
|
| As a running service it will be seen using a utility such as
End-It-All or
| any decent process viewer - even the aged WinTop. What is no longer
seen
| is an entry in the Win 9x Ctrl-Alt-Del Close Program window as
KB891711 is
| no longer being launched from the
| HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ru n key but instead,
and
| more correctly, from the RunServices key.
|