Sorry for my bold statement. But you did not mention that you were a technet subscriber. For the average Joe/Josephine there are no heads up sent by Microsoft. --- Mike <mikebike@xxxxxxxxx> wrote: > > Hi Robert, > I hate to disagree but MS does send out patch > notifications to Technet > subscribers; > I recieved this one yesterday > <http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/ > bulletin/MS03-006.asp> > > it is on my web page now Quote; > > Microsoft Security Bulletin MS03-006 > Security Update for Microsoft Windows Millennium > Edition (Windows Me): > > http://www.microsoft.com/security/security_bulletins/ms03-006.asp > > WHY WE ARE ISSUING THIS UPDATE: > An identified security issue in the Microsoft > Windows(R) Millennium Edition > (Windows Me) Help and Support Center could enable an > attacker to read files > or run programs on a computer that visited a > malicious Web site. You can > help protect your computer by installing this update > from Microsoft. > > PRODUCT AFFECTED: > Microsoft Windows Millennium Edition (Windows Me) > > You can learn more about Microsoft software > distribution policies here: > http://www.microsoft.com/technet/security/policy/swdist.asp > ______________________________________________________ > ______________________________________________________ > Panda also sent out a notice on it today; > > Oxygen3 > > http://www.pandasoftware.com/about/press/oxygen3/oxygen.asp > > > Important Update for Windows Me > > > "Thought is the steed; reason the rider." > George Sand (1804-1876); French writer. > > > Madrid, February 27 2003 - Microsoft has released an > update for Windows Me > to fix a critical vulnerability that could be used > to run arbitrary code. > > The problem stems from a buffer overflow > vulnerability related to the "Help > and Support Center" (HSP), which uses the prefix > "hcp://" instead of > "http://"; in URL links. As the URL Handler for the > "hcp://" prefix contains > an unchecked buffer, if an attacker were to craft a > special URL they could > provoke a buffer overflow. If a user were to click > on the link constructed > by the attacker, code would be executed in the Local > Computer security > context. > ++ There is more on the web site. > > ___________________________________________________ > ___________________________________________________ > > Mike ~ It is a good day if I learned something new. > Editor MikesWhatsNews see a sample on my web page > http://www.mwn.ca/ ***UPDATED 27/02/03 > <mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe> > See my Anti-Virus pages > <http://www3.telus.net/mikebike/mikes_virus_page.htm> > > <virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe> > A Technical Support Alliance Charter Member > http://groups.yahoo.com/group/techsupportalliance/ > *********** REPLY SEPARATOR *********** > > On 27/02/2003 at 6:28 PM Robert Wiens wrote: > > Also Microsoft will never send out patch > notifications > by e-mail (or any other method). If there is a patch > you must find out about it and get it yourself > > --- Robert Carneal <carnealr@xxxxxxxxxxxx> wrote: > > > > Several people have written to me saying they > > downloaded a patch for > > Windows ME. It has a virus. After I pinned a few > of > > them down, two of > > admitted they did not obtain the download from > > Microsoft. They downloaded > > it because they received an email from Microsoff > > saying they HAD to. They > > clicked on the link provided and did not observe > the > > link re-directed them > > to web site where the supposed patch downloaded > > automatically. > > > > Please people, updates and upgrades for Windows > > comes from Microsoft, not > > Mircrosff (The second name as two "Fs" in it.). > > Please be careful. > > > > Robert Carneal > > carnealr@xxxxxxxxxxxx > > > > To unsub or change your email settings: > //www.freelists.org/webpage/pctechtalk > > To access our Archives: > http://groups.yahoo.com/group/PCTechTalk/messages/ > //www.freelists.org/archives/pctechtalk/ > > For more info: > //www.freelists.org/cgi-bin/list?list_id=pctechtalk > __________________________________________________ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ To unsub or change your email settings: //www.freelists.org/webpage/pctechtalk To access our Archives: http://groups.yahoo.com/group/PCTechTalk/messages/ //www.freelists.org/archives/pctechtalk/ For more info: //www.freelists.org/cgi-bin/list?list_id=pctechtalk