-=PCTechTalk=- Re: Win ME Patch error

Hi Rick, you should try again.  I have ME and went to the link Chazzman 
suggested  http://www.microsoft.com/technet/security/bulletin/MS03-006.asp  and 
there the patch was--well, there the link was, to Windows Update.  I have 
Automatic Update and had received this patch yesterday, just wasn't paying 
attention I guess.  Fortunately, the updates page has an option to view 
installation history and it showed that I had installed the patch already. But 
it is definitely there :o)



From: DH (Rick) Holmes 
  To: pctechtalk@xxxxxxxxxxxxx 
  Sent: Thursday, February 27, 2003 9:10 PM
  Subject: -=PCTechTalk=- Re: Win ME Patch error



  I, too, hate to disagree, but this update does not seem to be relevant 
  to WinMe when you get to the nitty-gritty. What I see are patches for 
  95,98, 2000, but not Me. Installation attempt says the patch is not for 
  my version of Windows - and I have WinMe!

  I know it says its for Me early in the piece!

  Am I missing something?
  Any advice welcome.  TIA

  Rick H

  Mike wrote:
  > Hi Robert,
  > I hate to disagree but MS does send out patch notifications to Technet
  > subscribers;
  > I recieved this one yesterday
  > 
<http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
  > bulletin/MS03-006.asp>
  > 
  > it is on my web page now Quote;
  > 
  > Microsoft Security Bulletin MS03-006
  > Security Update for Microsoft Windows Millennium Edition (Windows Me):
  > 
  > http://www.microsoft.com/security/security_bulletins/ms03-006.asp
  > 
  > WHY WE ARE ISSUING THIS UPDATE:
  > An identified security issue in the Microsoft Windows(R) Millennium Edition
  > (Windows Me) Help and Support Center could enable an attacker to read files
  > or run programs on a computer that visited a malicious Web site. You can
  > help protect your computer by installing this update from Microsoft.
  > 
  > PRODUCT AFFECTED:
  > Microsoft Windows Millennium Edition (Windows Me) 
  > 
  > You can learn more about Microsoft software distribution policies here:
  > http://www.microsoft.com/technet/security/policy/swdist.asp
  > ______________________________________________________
  > ______________________________________________________
  > Panda also sent out a notice on it today;
  > 
  > Oxygen3 
  >  http://www.pandasoftware.com/about/press/oxygen3/oxygen.asp 
  >   
  >  Important Update for Windows Me 
  > 
  > 
  > "Thought is the steed; reason the rider." 
  > George Sand (1804-1876); French writer. 
  > 
  > 
  > Madrid, February 27 2003 - Microsoft has released an update for Windows Me
  > to fix a critical vulnerability that could be used to run arbitrary code.
  > 
  > The problem stems from a buffer overflow vulnerability related to the "Help
  > and Support Center" (HSP), which uses the prefix "hcp://" instead of
  > "http://"; in URL links. As the URL Handler for the "hcp://" prefix contains
  > an unchecked buffer, if an attacker were to craft a special URL they could
  > provoke a buffer overflow. If a user were to click on the link constructed
  > by the attacker, code would be executed in the Local Computer security
  > context. 
  > ++ There is more on the web site.
  > 
  > ___________________________________________________
  > ___________________________________________________
  > 
  > Mike ~ It is a good day if I learned something new.
  > Editor MikesWhatsNews see a sample on my web page
  > http://www.mwn.ca/ ***UPDATED 27/02/03
  > <mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
  > See my Anti-Virus pages  
  > <http://www3.telus.net/mikebike/mikes_virus_page.htm> 
  > <virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
  > A Technical Support Alliance Charter Member 
  > http://groups.yahoo.com/group/techsupportalliance/
  > *********** REPLY SEPARATOR  ***********
  > 
  > On 27/02/2003 at 6:28 PM Robert Wiens wrote:
  > 
  > Also Microsoft will never send out patch notifications
  > by e-mail (or any other method). If there is a patch
  > you must find out about it and get it yourself
  > 
  > --- Robert Carneal <carnealr@xxxxxxxxxxxx> wrote:
  > 
  >>Several people have written to me saying they
  >>downloaded a patch for 
  >>Windows ME. It has a virus.  After I pinned a few of
  >>them down, two of 
  >>admitted they did not obtain the download from
  >>Microsoft. They downloaded 
  >>it because they received an email from Microsoff
  >>saying they HAD to. They 
  >>clicked on the link provided and did not observe the
  >>link re-directed them 
  >>to web site where the supposed patch downloaded
  >>automatically.
  >>
  >>Please people, updates and upgrades for Windows
  >>comes from Microsoft, not 
  >>Mircrosff (The second name as two "Fs" in it.).
  >>Please be careful.
  >>
  >>Robert Carneal
  >>carnealr@xxxxxxxxxxxx
  > 
  > 
  > 
  > 
  > To unsub or change your email settings:
  > http://www.freelists.org/webpage/pctechtalk
  > 
  > To access our Archives:
  > http://groups.yahoo.com/group/PCTechTalk/messages/
  > http://www.freelists.org/archives/pctechtalk/
  > 
  > For more info:
  > http://www.freelists.org/cgi-bin/list?list_id=pctechtalk
  > 
  > 
  > 

  To unsub or change your email settings:
  http://www.freelists.org/webpage/pctechtalk

  To access our Archives:
  http://groups.yahoo.com/group/PCTechTalk/messages/
  http://www.freelists.org/archives/pctechtalk/

  For more info:
  http://www.freelists.org/cgi-bin/list?list_id=pctechtalk


To unsub or change your email settings:
http://www.freelists.org/webpage/pctechtalk

To access our Archives:
http://groups.yahoo.com/group/PCTechTalk/messages/
http://www.freelists.org/archives/pctechtalk/

For more info:
http://www.freelists.org/cgi-bin/list?list_id=pctechtalk

Other related posts: