-=PCTechTalk=- Re: Win ME Patch error

• From: "DH (Rick) Holmes" <hayvan@xxxxxxxxxx>
• To: pctechtalk@xxxxxxxxxxxxx
• Date: Fri, 28 Feb 2003 17:10:00 +1300

I, too, hate to disagree, but this update does not seem to be relevant 
to WinMe when you get to the nitty-gritty. What I see are patches for 
95,98, 2000, but not Me. Installation attempt says the patch is not for 
my version of Windows - and I have WinMe!

I know it says its for Me early in the piece!

Am I missing something?
Any advice welcome.  TIA

Rick H

Mike wrote:
> Hi Robert,
> I hate to disagree but MS does send out patch notifications to Technet
> subscribers;
> I recieved this one yesterday
> <http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
> bulletin/MS03-006.asp>
> 
> it is on my web page now Quote;
> 
> Microsoft Security Bulletin MS03-006
> Security Update for Microsoft Windows Millennium Edition (Windows Me):
> 
> http://www.microsoft.com/security/security_bulletins/ms03-006.asp
> 
> WHY WE ARE ISSUING THIS UPDATE:
> An identified security issue in the Microsoft Windows(R) Millennium Edition
> (Windows Me) Help and Support Center could enable an attacker to read files
> or run programs on a computer that visited a malicious Web site. You can
> help protect your computer by installing this update from Microsoft.
> 
> PRODUCT AFFECTED:
> Microsoft Windows Millennium Edition (Windows Me) 
> 
> You can learn more about Microsoft software distribution policies here:
> http://www.microsoft.com/technet/security/policy/swdist.asp
> ______________________________________________________
> ______________________________________________________
> Panda also sent out a notice on it today;
> 
> Oxygen3 
>  http://www.pandasoftware.com/about/press/oxygen3/oxygen.asp 
>   
>  Important Update for Windows Me 
> 
> 
> "Thought is the steed; reason the rider." 
> George Sand (1804-1876); French writer. 
> 
> 
> Madrid, February 27 2003 - Microsoft has released an update for Windows Me
> to fix a critical vulnerability that could be used to run arbitrary code.
> 
> The problem stems from a buffer overflow vulnerability related to the "Help
> and Support Center" (HSP), which uses the prefix "hcp://" instead of
> "http://"; in URL links. As the URL Handler for the "hcp://" prefix contains
> an unchecked buffer, if an attacker were to craft a special URL they could
> provoke a buffer overflow. If a user were to click on the link constructed
> by the attacker, code would be executed in the Local Computer security
> context. 
> ++ There is more on the web site.
> 
> ___________________________________________________
> ___________________________________________________
> 
> Mike ~ It is a good day if I learned something new.
> Editor MikesWhatsNews see a sample on my web page
> http://www.mwn.ca/ ***UPDATED 27/02/03
> <mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
> See my Anti-Virus pages  
> <http://www3.telus.net/mikebike/mikes_virus_page.htm> 
> <virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
> A Technical Support Alliance Charter Member 
> http://groups.yahoo.com/group/techsupportalliance/
> *********** REPLY SEPARATOR  ***********
> 
> On 27/02/2003 at 6:28 PM Robert Wiens wrote:
> 
> Also Microsoft will never send out patch notifications
> by e-mail (or any other method). If there is a patch
> you must find out about it and get it yourself
> 
> --- Robert Carneal <carnealr@xxxxxxxxxxxx> wrote:
> 
>>Several people have written to me saying they
>>downloaded a patch for 
>>Windows ME. It has a virus.  After I pinned a few of
>>them down, two of 
>>admitted they did not obtain the download from
>>Microsoft. They downloaded 
>>it because they received an email from Microsoff
>>saying they HAD to. They 
>>clicked on the link provided and did not observe the
>>link re-directed them 
>>to web site where the supposed patch downloaded
>>automatically.
>>
>>Please people, updates and upgrades for Windows
>>comes from Microsoft, not 
>>Mircrosff (The second name as two "Fs" in it.).
>>Please be careful.
>>
>>Robert Carneal
>>carnealr@xxxxxxxxxxxx
> 
> 
> 
> 
> To unsub or change your email settings:
> http://www.freelists.org/webpage/pctechtalk
> 
> To access our Archives:
> http://groups.yahoo.com/group/PCTechTalk/messages/
> http://www.freelists.org/archives/pctechtalk/
> 
> For more info:
> http://www.freelists.org/cgi-bin/list?list_id=pctechtalk
> 
> 
> 

To unsub or change your email settings:
http://www.freelists.org/webpage/pctechtalk

To access our Archives:
http://groups.yahoo.com/group/PCTechTalk/messages/
http://www.freelists.org/archives/pctechtalk/

For more info:
http://www.freelists.org/cgi-bin/list?list_id=pctechtalk

• Follow-Ups:
  • -=PCTechTalk=- Re: Win ME Patch error
    • From: Glo

• References:
  • -=PCTechTalk=- Re: Win ME Patch error
    • From: Robert Wiens
  • -=PCTechTalk=- Re: Win ME Patch error
    • From: Mike

Other related posts:

• » -=PCTechTalk=- Re: Win ME Patch error
• » -=PCTechTalk=- Re: Win ME Patch error
• » -=PCTechTalk=- Re: Win ME Patch error
• » -=PCTechTalk=- Re: Win ME Patch error
• » -=PCTechTalk=- Re: Win ME Patch error
• » -=PCTechTalk=- Re: Win ME Patch error
• » -=PCTechTalk=- Re: Win ME Patch error
• » -=PCTechTalk=- Re: Win ME Patch error
• » -=PCTechTalk=- Re: Win ME Patch error
• » -=PCTechTalk=- Re: Win ME Patch error

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page

• » View list details
• » Manage your subscription