-=PCTechTalk=- Re: Win ME Patch error
- From: Robert Wiens <didnjaknow@xxxxxxxxx>
- To: pctechtalk@xxxxxxxxxxxxx
- Date: Mon, 3 Mar 2003 19:11:18 -0800 (PST)
Sorry for my bold statement. But you did not mention
that you were a technet subscriber. For the average
Joe/Josephine there are no heads up sent by Microsoft.
--- Mike <mikebike@xxxxxxxxx> wrote:
>
> Hi Robert,
> I hate to disagree but MS does send out patch
> notifications to Technet
> subscribers;
> I recieved this one yesterday
>
<http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
> bulletin/MS03-006.asp>
>
> it is on my web page now Quote;
>
> Microsoft Security Bulletin MS03-006
> Security Update for Microsoft Windows Millennium
> Edition (Windows Me):
>
>
http://www.microsoft.com/security/security_bulletins/ms03-006.asp
>
> WHY WE ARE ISSUING THIS UPDATE:
> An identified security issue in the Microsoft
> Windows(R) Millennium Edition
> (Windows Me) Help and Support Center could enable an
> attacker to read files
> or run programs on a computer that visited a
> malicious Web site. You can
> help protect your computer by installing this update
> from Microsoft.
>
> PRODUCT AFFECTED:
> Microsoft Windows Millennium Edition (Windows Me)
>
> You can learn more about Microsoft software
> distribution policies here:
>
http://www.microsoft.com/technet/security/policy/swdist.asp
>
______________________________________________________
>
______________________________________________________
> Panda also sent out a notice on it today;
>
> Oxygen3
>
>
http://www.pandasoftware.com/about/press/oxygen3/oxygen.asp
>
>
> Important Update for Windows Me
>
>
> "Thought is the steed; reason the rider."
> George Sand (1804-1876); French writer.
>
>
> Madrid, February 27 2003 - Microsoft has released an
> update for Windows Me
> to fix a critical vulnerability that could be used
> to run arbitrary code.
>
> The problem stems from a buffer overflow
> vulnerability related to the "Help
> and Support Center" (HSP), which uses the prefix
> "hcp://" instead of
> "http://"; in URL links. As the URL Handler for the
> "hcp://" prefix contains
> an unchecked buffer, if an attacker were to craft a
> special URL they could
> provoke a buffer overflow. If a user were to click
> on the link constructed
> by the attacker, code would be executed in the Local
> Computer security
> context.
> ++ There is more on the web site.
>
> ___________________________________________________
> ___________________________________________________
>
> Mike ~ It is a good day if I learned something new.
> Editor MikesWhatsNews see a sample on my web page
> http://www.mwn.ca/ ***UPDATED 27/02/03
>
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
> See my Anti-Virus pages
>
<http://www3.telus.net/mikebike/mikes_virus_page.htm>
>
> <virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
> A Technical Support Alliance Charter Member
> http://groups.yahoo.com/group/techsupportalliance/
> *********** REPLY SEPARATOR ***********
>
> On 27/02/2003 at 6:28 PM Robert Wiens wrote:
>
> Also Microsoft will never send out patch
> notifications
> by e-mail (or any other method). If there is a patch
> you must find out about it and get it yourself
>
> --- Robert Carneal <carnealr@xxxxxxxxxxxx> wrote:
> >
> > Several people have written to me saying they
> > downloaded a patch for
> > Windows ME. It has a virus. After I pinned a few
> of
> > them down, two of
> > admitted they did not obtain the download from
> > Microsoft. They downloaded
> > it because they received an email from Microsoff
> > saying they HAD to. They
> > clicked on the link provided and did not observe
> the
> > link re-directed them
> > to web site where the supposed patch downloaded
> > automatically.
> >
> > Please people, updates and upgrades for Windows
> > comes from Microsoft, not
> > Mircrosff (The second name as two "Fs" in it.).
> > Please be careful.
> >
> > Robert Carneal
> > carnealr@xxxxxxxxxxxx
>
>
>
> To unsub or change your email settings:
> //www.freelists.org/webpage/pctechtalk
>
> To access our Archives:
> http://groups.yahoo.com/group/PCTechTalk/messages/
> //www.freelists.org/archives/pctechtalk/
>
> For more info:
>
//www.freelists.org/cgi-bin/list?list_id=pctechtalk
>
__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/
To unsub or change your email settings:
//www.freelists.org/webpage/pctechtalk
To access our Archives:
http://groups.yahoo.com/group/PCTechTalk/messages/
//www.freelists.org/archives/pctechtalk/
For more info:
//www.freelists.org/cgi-bin/list?list_id=pctechtalk
Other related posts:
