A Windows 98 & ME forum. Win98banter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » Win98banter forum » Windows ME » General
Site Map Home Authors List Search Today's Posts Mark Forums Read Web Partners

Microsoft Security Bulletin MS04-023--Please Note!



 
 
Thread Tools Display Modes
  #1  
Old July 14th 04, 12:17 AM
Gary S. Terhune
external usenet poster
 
Posts: n/a
Default Microsoft Security Bulletin MS04-023--Please Note!

The Update related to this Securty Bulletin is now available at Windows =
Updates for Windows 98/98SE and Millennium Edition (at least, it's in =
the Catalog.) Since there is no Windows Updates for Windows 95, I =
figure Win95 users are SOL due to the following FAQ in the Bulletin:

Q. Are Windows 98, Windows 98 Second Edition, or Windows Millennium =
Edition critically affected by any of the vulnerabilities that are =
addressed in this security bulletin?

A. Yes. Security updates will be made available as soon as possible =
following the release. When these security updates are available, you =
will be able to download them only from the Windows Update Web site.

--=20
Gary S. Terhune
MS MVP for Win9x
=20
"Emily F [MSFT]" wrote in message =
...
Today, Microsoft released the following Security Bulletin:
http://www.microsoft.com/technet/sec.../ms04-023.mspx
Microsoft Security Bulletin MS04-023
Vulnerability in HTML Help Could Allow Code Execution (840315)
=20
Issued: July 13, 2004
Version: 1.0
Executive Summary:
This update resolves two newly-discovered vulnerabilities. The HTML =

Help
vulnerability was privately reported and the showHelp vulnerability is
public. Each vulnerability is documented in this bulletin in its own
Vulnerability Details section.
If a user is logged on with administrative privileges, an attacker who
successfully exploited the most severe of these vulnerabilities could =

take
complete control of an affected system, including installing programs;
viewing, changing, or deleting data; or creating new accounts that =

have full
privileges. Users whose accounts are configured to have fewer =

privileges on
the system would be at less risk than users who operate with =

administrative
privileges.
We recommend that customers apply the update immediately
=20
Summary
Who should read this document: Customers who use Microsoft=AE =

Windows=AE
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Customers should apply the update immediately.
Security Update Replacement: None
Caveats: Windows NT Workstation 4.0, Windows NT Server 4.0 and Windows =

NT
4.0 Terminal Server Edition are not affected by default. However if =

you have
installed Internet Explorer 5.5 Service Pack 2 or Internet Explorer =

6.0
Service Pack 1 you will have the vulnerable component on your system.
Tested Software and Security Update Download Locations:
Affected Softwa
.Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service =

Pack
3, Microsoft Windows 2000 Service Pack 4 - Download the update
.Microsoft Windows XP and Microsoft Windows XP Service Pack 1 - =

Download the
update
.Microsoft Windows XP 64-Bit Edition Service Pack 1 - Download the =

update
.Microsoft Windows XP 64-Bit Edition Version 2003 - Download the =

update
.Microsoft Windows ServerT 2003 - Download the update
.Microsoft Windows Server 2003 64-Bit Edition - Download the update
.Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
Microsoft Windows Millennium Edition (Me) - Review the FAQ section of =

this
bulletin for details about these operating systems.
=20

  #2  
Old July 14th 04, 12:35 AM
Brian A.
external usenet poster
 
Posts: n/a
Default Microsoft Security Bulletin MS04-023--Please Note!

And I notice the other 2 say No to that Q.

--=20
Brian A.

Jack of all trades, Master of none.
One can never truly be a master as there is always more to learn.


"Gary S. Terhune" wrote in message =
...
The Update related to this Securty Bulletin is now available at Windows =
Updates for Windows 98/98SE and Millennium Edition (at least, it's in =
the Catalog.) Since there is no Windows Updates for Windows 95, I =
figure Win95 users are SOL due to the following FAQ in the Bulletin:

Q. Are Windows 98, Windows 98 Second Edition, or Windows Millennium =
Edition critically affected by any of the vulnerabilities that are =
addressed in this security bulletin?

A. Yes. Security updates will be made available as soon as possible =
following the release. When these security updates are available, you =
will be able to download them only from the Windows Update Web site.

--=20
Gary S. Terhune
MS MVP for Win9x
=20
"Emily F [MSFT]" wrote in message =
...
Today, Microsoft released the following Security Bulletin:
http://www.microsoft.com/technet/sec.../ms04-023.mspx
Microsoft Security Bulletin MS04-023
Vulnerability in HTML Help Could Allow Code Execution (840315)
=20
Issued: July 13, 2004
Version: 1.0
Executive Summary:
This update resolves two newly-discovered vulnerabilities. The HTML =

Help
vulnerability was privately reported and the showHelp vulnerability is
public. Each vulnerability is documented in this bulletin in its own
Vulnerability Details section.
If a user is logged on with administrative privileges, an attacker who
successfully exploited the most severe of these vulnerabilities could =

take
complete control of an affected system, including installing programs;
viewing, changing, or deleting data; or creating new accounts that =

have full
privileges. Users whose accounts are configured to have fewer =

privileges on
the system would be at less risk than users who operate with =

administrative
privileges.
We recommend that customers apply the update immediately
=20
Summary
Who should read this document: Customers who use Microsoft=AE =

Windows=AE
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Customers should apply the update immediately.
Security Update Replacement: None
Caveats: Windows NT Workstation 4.0, Windows NT Server 4.0 and Windows =

NT
4.0 Terminal Server Edition are not affected by default. However if =

you have
installed Internet Explorer 5.5 Service Pack 2 or Internet Explorer =

6.0
Service Pack 1 you will have the vulnerable component on your system.
Tested Software and Security Update Download Locations:
Affected Softwa
.Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service =

Pack
3, Microsoft Windows 2000 Service Pack 4 - Download the update
.Microsoft Windows XP and Microsoft Windows XP Service Pack 1 - =

Download the
update
.Microsoft Windows XP 64-Bit Edition Service Pack 1 - Download the =

update
.Microsoft Windows XP 64-Bit Edition Version 2003 - Download the =

update
.Microsoft Windows ServerT 2003 - Download the update
.Microsoft Windows Server 2003 64-Bit Edition - Download the update
.Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
Microsoft Windows Millennium Edition (Me) - Review the FAQ section of =

this
bulletin for details about these operating systems.
=20

  #3  
Old July 14th 04, 04:04 AM
Gary S. Terhune
external usenet poster
 
Posts: n/a
Default Microsoft Security Bulletin MS04-023--Please Note!

Yeah, I noticed. And had already spouted off in another forum about this =
issue when I made the mistake of cranking up two massive printers at =
once, overloading my UPSes, and crashing everything, even my router.

Decided it might be a good time to go do something else for a while, =
g.

--=20
Gary S. Terhune
MS MVP for Win9x
=20
"Brian A." GoneFishn@aFarAwayLake wrote in message =
...
And I notice the other 2 say No to that Q.

--=20
Brian A.

Jack of all trades, Master of none.
One can never truly be a master as there is always more to learn.


"Gary S. Terhune" wrote in message =
...
The Update related to this Securty Bulletin is now available at Windows =
Updates for Windows 98/98SE and Millennium Edition (at least, it's in =
the Catalog.) Since there is no Windows Updates for Windows 95, I =
figure Win95 users are SOL due to the following FAQ in the Bulletin:

Q. Are Windows 98, Windows 98 Second Edition, or Windows Millennium =
Edition critically affected by any of the vulnerabilities that are =
addressed in this security bulletin?

A. Yes. Security updates will be made available as soon as possible =
following the release. When these security updates are available, you =
will be able to download them only from the Windows Update Web site.

--=20
Gary S. Terhune
MS MVP for Win9x
=20
"Emily F [MSFT]" wrote in message =
...
Today, Microsoft released the following Security Bulletin:
http://www.microsoft.com/technet/sec.../ms04-023.mspx
Microsoft Security Bulletin MS04-023
Vulnerability in HTML Help Could Allow Code Execution (840315)
=20
Issued: July 13, 2004
Version: 1.0
Executive Summary:
This update resolves two newly-discovered vulnerabilities. The HTML =

Help
vulnerability was privately reported and the showHelp vulnerability is
public. Each vulnerability is documented in this bulletin in its own
Vulnerability Details section.
If a user is logged on with administrative privileges, an attacker who
successfully exploited the most severe of these vulnerabilities could =

take
complete control of an affected system, including installing programs;
viewing, changing, or deleting data; or creating new accounts that =

have full
privileges. Users whose accounts are configured to have fewer =

privileges on
the system would be at less risk than users who operate with =

administrative
privileges.
We recommend that customers apply the update immediately
=20
Summary
Who should read this document: Customers who use Microsoft=AE =

Windows=AE
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Customers should apply the update immediately.
Security Update Replacement: None
Caveats: Windows NT Workstation 4.0, Windows NT Server 4.0 and Windows =

NT
4.0 Terminal Server Edition are not affected by default. However if =

you have
installed Internet Explorer 5.5 Service Pack 2 or Internet Explorer =

6.0
Service Pack 1 you will have the vulnerable component on your system.
Tested Software and Security Update Download Locations:
Affected Softwa
.Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service =

Pack
3, Microsoft Windows 2000 Service Pack 4 - Download the update
.Microsoft Windows XP and Microsoft Windows XP Service Pack 1 - =

Download the
update
.Microsoft Windows XP 64-Bit Edition Service Pack 1 - Download the =

update
.Microsoft Windows XP 64-Bit Edition Version 2003 - Download the =

update
.Microsoft Windows ServerT 2003 - Download the update
.Microsoft Windows Server 2003 64-Bit Edition - Download the update
.Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
Microsoft Windows Millennium Edition (Me) - Review the FAQ section of =

this
bulletin for details about these operating systems.
=20

  #4  
Old July 14th 04, 04:21 AM
Gary S. Terhune
external usenet poster
 
Posts: n/a
Default Microsoft Security Bulletin MS04-023--Please Note!

It *says* no Win9x is supported in the Bulletin for MS04-018, but there =
actually is a patch available to Win98/98SE users--*if* they have IE6SP1 =
installed

The only version for OE5.5SP2 is on the ME platform. The only patch for =
OE6.0 is on the WinXP platform.

All in all, it's a real messy situation.

--=20
Gary S. Terhune
MS MVP for Win9x
=20
"Brian A." GoneFishn@aFarAwayLake wrote in message =
...
And I notice the other 2 say No to that Q.

--=20
Brian A.

Jack of all trades, Master of none.
One can never truly be a master as there is always more to learn.


"Gary S. Terhune" wrote in message =
...
The Update related to this Securty Bulletin is now available at Windows =
Updates for Windows 98/98SE and Millennium Edition (at least, it's in =
the Catalog.) Since there is no Windows Updates for Windows 95, I =
figure Win95 users are SOL due to the following FAQ in the Bulletin:

Q. Are Windows 98, Windows 98 Second Edition, or Windows Millennium =
Edition critically affected by any of the vulnerabilities that are =
addressed in this security bulletin?

A. Yes. Security updates will be made available as soon as possible =
following the release. When these security updates are available, you =
will be able to download them only from the Windows Update Web site.

--=20
Gary S. Terhune
MS MVP for Win9x
=20
"Emily F [MSFT]" wrote in message =
...
Today, Microsoft released the following Security Bulletin:
http://www.microsoft.com/technet/sec.../ms04-023.mspx
Microsoft Security Bulletin MS04-023
Vulnerability in HTML Help Could Allow Code Execution (840315)
=20
Issued: July 13, 2004
Version: 1.0
Executive Summary:
This update resolves two newly-discovered vulnerabilities. The HTML =

Help
vulnerability was privately reported and the showHelp vulnerability is
public. Each vulnerability is documented in this bulletin in its own
Vulnerability Details section.
If a user is logged on with administrative privileges, an attacker who
successfully exploited the most severe of these vulnerabilities could =

take
complete control of an affected system, including installing programs;
viewing, changing, or deleting data; or creating new accounts that =

have full
privileges. Users whose accounts are configured to have fewer =

privileges on
the system would be at less risk than users who operate with =

administrative
privileges.
We recommend that customers apply the update immediately
=20
Summary
Who should read this document: Customers who use Microsoft=AE =

Windows=AE
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Customers should apply the update immediately.
Security Update Replacement: None
Caveats: Windows NT Workstation 4.0, Windows NT Server 4.0 and Windows =

NT
4.0 Terminal Server Edition are not affected by default. However if =

you have
installed Internet Explorer 5.5 Service Pack 2 or Internet Explorer =

6.0
Service Pack 1 you will have the vulnerable component on your system.
Tested Software and Security Update Download Locations:
Affected Softwa
.Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service =

Pack
3, Microsoft Windows 2000 Service Pack 4 - Download the update
.Microsoft Windows XP and Microsoft Windows XP Service Pack 1 - =

Download the
update
.Microsoft Windows XP 64-Bit Edition Service Pack 1 - Download the =

update
.Microsoft Windows XP 64-Bit Edition Version 2003 - Download the =

update
.Microsoft Windows ServerT 2003 - Download the update
.Microsoft Windows Server 2003 64-Bit Edition - Download the update
.Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
Microsoft Windows Millennium Edition (Me) - Review the FAQ section of =

this
bulletin for details about these operating systems.
=20

  #5  
Old July 14th 04, 04:39 AM
PCR
external usenet poster
 
Posts: n/a
Default Microsoft Security Bulletin MS04-023--Please Note!

It appears to offer just TWO of them to me... ME!... a fully updated
Win98SE IE6 SP1. How many are you getting? Can it be, the third will be
offered only after one these has been installed?

........Quote............................
Cumulative Security Update for Outlook Express 6 SP1 (KB823353)
Download size: 1.9 MB, 6 minutes
A vulnerability exists in Outlook Express that could allow an attacker
to cause Outlook Express to fail. You can help protect your computer by
installing this update. After you install this update you may need to
restart your computer. Read more...

Remove
Security Update for Windows 98 (KB840315)
Download size: 202 KB, 1 minute
A security issue has been identified that could allow an attacker to
compromise a computer running Windows and gain control over it. You can
help protect your computer by installing this update from Microsoft.
After you install this item, you may have to restart your computer. Once
you have installed this item, it cannot be removed. Read more...
........End of quote...................

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR

"Brian A." GoneFishn@aFarAwayLake wrote in message
...
And I notice the other 2 say No to that Q.

--
Brian A.

Jack of all trades, Master of none.
One can never truly be a master as there is always more to learn.


"Gary S. Terhune" wrote in message
...
The Update related to this Securty Bulletin is now available at Windows
Updates for Windows 98/98SE and Millennium Edition (at least, it's in
the Catalog.) Since there is no Windows Updates for Windows 95, I
figure Win95 users are SOL due to the following FAQ in the Bulletin:

Q. Are Windows 98, Windows 98 Second Edition, or Windows Millennium
Edition critically affected by any of the vulnerabilities that are
addressed in this security bulletin?

A. Yes. Security updates will be made available as soon as possible
following the release. When these security updates are available, you
will be able to download them only from the Windows Update Web site.

--
Gary S. Terhune
MS MVP for Win9x

"Emily F [MSFT]" wrote in message
...
Today, Microsoft released the following Security Bulletin:
http://www.microsoft.com/technet/sec.../ms04-023.mspx
Microsoft Security Bulletin MS04-023
Vulnerability in HTML Help Could Allow Code Execution (840315)

Issued: July 13, 2004
Version: 1.0
Executive Summary:
This update resolves two newly-discovered vulnerabilities. The HTML

Help
vulnerability was privately reported and the showHelp vulnerability is
public. Each vulnerability is documented in this bulletin in its own
Vulnerability Details section.
If a user is logged on with administrative privileges, an attacker who
successfully exploited the most severe of these vulnerabilities could

take
complete control of an affected system, including installing programs;
viewing, changing, or deleting data; or creating new accounts that

have full
privileges. Users whose accounts are configured to have fewer

privileges on
the system would be at less risk than users who operate with

administrative
privileges.
We recommend that customers apply the update immediately

Summary
Who should read this document: Customers who use Microsoft® Windows®
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Customers should apply the update immediately.
Security Update Replacement: None
Caveats: Windows NT Workstation 4.0, Windows NT Server 4.0 and Windows

NT
4.0 Terminal Server Edition are not affected by default. However if

you have
installed Internet Explorer 5.5 Service Pack 2 or Internet Explorer

6.0
Service Pack 1 you will have the vulnerable component on your system.


Tested Software and Security Update Download Locations:
Affected Softwa
.Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service

Pack
3, Microsoft Windows 2000 Service Pack 4 - Download the update
.Microsoft Windows XP and Microsoft Windows XP Service Pack 1 -

Download the
update
.Microsoft Windows XP 64-Bit Edition Service Pack 1 - Download the

update
.Microsoft Windows XP 64-Bit Edition Version 2003 - Download the

update
.Microsoft Windows ServerT 2003 - Download the update
.Microsoft Windows Server 2003 64-Bit Edition - Download the update
.Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
Microsoft Windows Millennium Edition (Me) - Review the FAQ section of

this
bulletin for details about these operating systems.




 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Microsoft Security Bulletin MS04-023 Vulnerability in HTML HelpCould Allow Code Execution (840315) David Ross General 14 July 17th 04 09:52 PM
Microsoft Security Bulletin MS04-018 - Cumulative Security Update for Outlook Express (823353) PA Bear General 5 July 15th 04 05:49 AM
Microsoft Security Bulletin MS04-024 - Vulnerability in Windows Shell Could Allow Remote Code Execution (839645) Gary S. Terhune General 2 July 14th 04 05:06 AM
Microsoft Security Bulletin MS04-023--Please Note! Gary S. Terhune General 4 July 14th 04 04:39 AM
Please help! Display settings !! Mitzi Monitors & Displays 12 July 11th 04 05:19 AM


All times are GMT +1. The time now is 05:52 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 Win98banter.
The comments are property of their posters.