-=PCTechTalk=- Re: Win ME Patch error

Hi Robert,
I hate to disagree but MS does send out patch notifications to Technet
subscribers;
I recieved this one yesterday
<http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
bulletin/MS03-006.asp>

it is on my web page now Quote;

Microsoft Security Bulletin MS03-006
Security Update for Microsoft Windows Millennium Edition (Windows Me):

http://www.microsoft.com/security/security_bulletins/ms03-006.asp

WHY WE ARE ISSUING THIS UPDATE:
An identified security issue in the Microsoft Windows(R) Millennium Edition
(Windows Me) Help and Support Center could enable an attacker to read files
or run programs on a computer that visited a malicious Web site. You can
help protect your computer by installing this update from Microsoft.

PRODUCT AFFECTED:
Microsoft Windows Millennium Edition (Windows Me) 

You can learn more about Microsoft software distribution policies here:
http://www.microsoft.com/technet/security/policy/swdist.asp
______________________________________________________
______________________________________________________
Panda also sent out a notice on it today;

Oxygen3 
 http://www.pandasoftware.com/about/press/oxygen3/oxygen.asp 
  
 Important Update for Windows Me 


"Thought is the steed; reason the rider." 
George Sand (1804-1876); French writer. 


Madrid, February 27 2003 - Microsoft has released an update for Windows Me
to fix a critical vulnerability that could be used to run arbitrary code.

The problem stems from a buffer overflow vulnerability related to the "Help
and Support Center" (HSP), which uses the prefix "hcp://" instead of
"http://"; in URL links. As the URL Handler for the "hcp://" prefix contains
an unchecked buffer, if an attacker were to craft a special URL they could
provoke a buffer overflow. If a user were to click on the link constructed
by the attacker, code would be executed in the Local Computer security
context. 
++ There is more on the web site.

___________________________________________________
___________________________________________________

Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www.mwn.ca/ ***UPDATED 27/02/03
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
See my Anti-Virus pages  
<http://www3.telus.net/mikebike/mikes_virus_page.htm> 
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance Charter Member 
http://groups.yahoo.com/group/techsupportalliance/
*********** REPLY SEPARATOR  ***********

On 27/02/2003 at 6:28 PM Robert Wiens wrote:

Also Microsoft will never send out patch notifications
by e-mail (or any other method). If there is a patch
you must find out about it and get it yourself

--- Robert Carneal <carnealr@xxxxxxxxxxxx> wrote:
> 
> Several people have written to me saying they
> downloaded a patch for 
> Windows ME. It has a virus.  After I pinned a few of
> them down, two of 
> admitted they did not obtain the download from
> Microsoft. They downloaded 
> it because they received an email from Microsoff
> saying they HAD to. They 
> clicked on the link provided and did not observe the
> link re-directed them 
> to web site where the supposed patch downloaded
> automatically.
> 
> Please people, updates and upgrades for Windows
> comes from Microsoft, not 
> Mircrosff (The second name as two "Fs" in it.).
> Please be careful.
> 
> Robert Carneal
> carnealr@xxxxxxxxxxxx



To unsub or change your email settings:
http://www.freelists.org/webpage/pctechtalk

To access our Archives:
http://groups.yahoo.com/group/PCTechTalk/messages/
http://www.freelists.org/archives/pctechtalk/

For more info:
http://www.freelists.org/cgi-bin/list?list_id=pctechtalk

Other related posts: