-=PCTechTalk=- Re: Win ME Patch error

Mike-

I don't see this as disagreeing at all. I see it as clarifying what I am 
encouraging. Remember, I said these people got it from MOCROSOFF (two 
"F"s). Thanks for jumping in!

Btw, does anyone know how I can subscribe to Technet? Sounds like a good 
resource.

Robert

At 2/27/2003 08:58 PM, you wrote:

>Hi Robert,
>I hate to disagree but MS does send out patch notifications to Technet
>subscribers;
>I recieved this one yesterday
><http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
>bulletin/MS03-006.asp>
>
>it is on my web page now Quote;
>
>Microsoft Security Bulletin MS03-006
>Security Update for Microsoft Windows Millennium Edition (Windows Me):
>
>http://www.microsoft.com/security/security_bulletins/ms03-006.asp
>
>WHY WE ARE ISSUING THIS UPDATE:
>An identified security issue in the Microsoft Windows(R) Millennium Edition
>(Windows Me) Help and Support Center could enable an attacker to read files
>or run programs on a computer that visited a malicious Web site. You can
>help protect your computer by installing this update from Microsoft.
>
>PRODUCT AFFECTED:
>Microsoft Windows Millennium Edition (Windows Me)
>
>You can learn more about Microsoft software distribution policies here:
>http://www.microsoft.com/technet/security/policy/swdist.asp
>______________________________________________________
>______________________________________________________
>Panda also sent out a notice on it today;
>
>Oxygen3
>  http://www.pandasoftware.com/about/press/oxygen3/oxygen.asp
>
>  Important Update for Windows Me
>
>
>"Thought is the steed; reason the rider."
>George Sand (1804-1876); French writer.
>
>
>Madrid, February 27 2003 - Microsoft has released an update for Windows Me
>to fix a critical vulnerability that could be used to run arbitrary code.
>
>The problem stems from a buffer overflow vulnerability related to the "Help
>and Support Center" (HSP), which uses the prefix "hcp://" instead of
>"http://"; in URL links. As the URL Handler for the "hcp://" prefix contains
>an unchecked buffer, if an attacker were to craft a special URL they could
>provoke a buffer overflow. If a user were to click on the link constructed
>by the attacker, code would be executed in the Local Computer security
>context.
>++ There is more on the web site.
>
>___________________________________________________
>___________________________________________________
>
>Mike ~ It is a good day if I learned something new.
>Editor MikesWhatsNews see a sample on my web page
>http://www.mwn.ca/ ***UPDATED 27/02/03
><mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
>See my Anti-Virus pages
><http://www3.telus.net/mikebike/mikes_virus_page.htm>
><virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
>A Technical Support Alliance Charter Member
>http://groups.yahoo.com/group/techsupportalliance/
>*********** REPLY SEPARATOR  ***********
>
>On 27/02/2003 at 6:28 PM Robert Wiens wrote:
>
>Also Microsoft will never send out patch notifications
>by e-mail (or any other method). If there is a patch
>you must find out about it and get it yourself
>
>--- Robert Carneal <carnealr@xxxxxxxxxxxx> wrote:
> >
> > Several people have written to me saying they
> > downloaded a patch for
> > Windows ME. It has a virus.  After I pinned a few of
> > them down, two of
> > admitted they did not obtain the download from
> > Microsoft. They downloaded
> > it because they received an email from Microsoff
> > saying they HAD to. They
> > clicked on the link provided and did not observe the
> > link re-directed them
> > to web site where the supposed patch downloaded
> > automatically.
> >
> > Please people, updates and upgrades for Windows
> > comes from Microsoft, not
> > Mircrosff (The second name as two "Fs" in it.).
> > Please be careful.
> >
> > Robert Carneal
> > carnealr@xxxxxxxxxxxx


To unsub or change your email settings:
http://www.freelists.org/webpage/pctechtalk

To access our Archives:
http://groups.yahoo.com/group/PCTechTalk/messages/
http://www.freelists.org/archives/pctechtalk/

For more info:
http://www.freelists.org/cgi-bin/list?list_id=pctechtalk

Other related posts: