MS09-054: Cumulative security update for Internet Explorer

Here you can find everything you need to know about Dll-Files. You can also share your knowledge regarding the topic.

Moderators: DllAdmin, DLLADMIN ONLY

Post Reply
meb
Posts: 116
Joined: 04 Oct 2009, 23:00

Re: MS09-054: Cumulative security update for Internet Explor

Post by meb »

Jeff Richards wrote:
> "Greg" <invalid@invalid.net> wrote in message
> news:7kho00F31quv1U1@mid.individual.net...
>> snip <
>>
>> Jeff,
>> No offense is meant to MEB or anyone else. I am trying to be nice
>> here.
>>
>> I did understand your post.
>>
>>
>> Greg
>>
>
> Thanks for confirming that, but I had pretty much taken that for granted, as
> the point was not complicated, namely that the statement I quoted was simply
> incorrect. I have not commented at all on whether or not it is sensible or
> useful to install this particular patch - others have done that more than
> adequately.

No your statement was wrong. The files BEING DISCUSSED require the full
NT OS to function properly and fully. IT SAYS:
"to accomplish the goal."

Let me refresh your memory one more time:

You wrote:
"MEB" <MEB-not-here@hotmail.com> wrote in message
news:eWXPrtRUKHA.4704@TK2MSFTNGP02.phx.gbl...
> > snip <
> > It *MAY* contain a fix
> > [within that file], but that also requires *ALL* the other files and
> > their fixes to accomplish the goal.

That statement is completely incorrect. It is quite feasible, and in fact
quite common, that a change to a single file provides protection
against the
exploit.

It is unfortunate that you react in such an emotional manner to anyone who
attempts to clarify what you are trying to say, because some of your
comments are correct.

For instance, it is possible that the files that _can_ be installed are not
the files that needed to be changed to protect against the exploit. It is
possible that the exploit exists in W98 regardless of whether the files are
patched or not, because W98 does not contain the features that the patch
relies on in order to provide the claimed protection. It is possible that
the patches are irrelevant for W98 because the vulnerability never existed
in the first place. There are, in fact, a wide range of possibilities.
But
that message is lost in your rudeness and name-calling. And your statement
that I have quoted above is just plain wrong.
----

I wrote:

Jeff Richards wrote:
> > "MEB" <MEB-not-here@hotmail.com> wrote in message
> > news:eWXPrtRUKHA.4704@TK2MSFTNGP02.phx.gbl...
>> >> snip <
>> >> It *MAY* contain a fix
>> >> [within that file], but that also requires *ALL* the other files and
>> >> their fixes to accomplish the goal.
> >
> > That statement is completely incorrect. It is quite feasible, and
in fact
> > quite common, that a change to a single file provides protection
against the
> > exploit.
> >
> > It is unfortunate that you react in such an emotional manner to
anyone who
> > attempts to clarify what you are trying to say, because some of your
> > comments are correct.
> >
> > For instance, it is possible that the files that _can_ be installed
are not
> > the files that needed to be changed to protect against the exploit.
It is
> > possible that the exploit exists in W98 regardless of whether the
files are
> > patched or not, because W98 does not contain the features that the
patch
> > relies on in order to provide the claimed protection. It is possible
that
> > the patches are irrelevant for W98 because the vulnerability never
existed
> > in the first place. There are, in fact, a wide range of
possibilities. But
> > that message is lost in your rudeness and name-calling. And your
statement
> > that I have quoted above is just plain wrong.
> >
> >

Really, so where is your information which provides the argument to
back your statement?

You ARE correct the vulnerabilities may not even exist [most relate
directly to issues within the NTs AND other updates {such as system}
which do come into play during the usage], you are incorrect or
misleading when trying to indicate that other files from the NTs are not
necessary to provide full security functionality. Nor have you even
remotely addressed the issue of IE6 incompatibility within 9X to start with.

And cram the emotional garbage back where it belongs... I respond as
needed. You apparently do as well, don't you... so FO.
---

For the FULL fix for which these files are to be used for REQUIRES the NTs.

NO? Let's let Pa Bear make the clarifying comment then:

"Horse hockey! KB974455 applies to IE6 SP1 running in Windows 2000
*SP4* (only), WinXP SP2 or SP3 (only), and Win2003 SP2 (only).

<QP>
It should be a priority for customers who have older releases of the
software to migrate to supported releases to prevent potential
exposure to vulnerabilities.
</QP>
Source: http://www.microsoft.com/technet/securi ... 9-054.mspx
(FAQ)

-----

NO WHERE does MS recommend installation in 9X, nor has MS tested for
any applicability or security fixes or anything else for that matter
related to 9X applicability or functionality... ANY statement of
applicability and install ability, AND usage recommendation within 9X
FOR ANY REASON, requires *careful testing* to ensure that there are NO
incompatibilities, the fixes actually work, and IN PARTICULARLY, that
they introduce no NEW vulnerabilities.

Now where is YOUR clarification?

Better still, provide links to the materials which PROOF these
necessary aspects in Win9X OSs.


--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---

jeff richards
Posts: 16
Joined: 24 Mar 2009, 00:00

Re: MS09-054: Cumulative security update for Internet Explor

Post by jeff richards »

Are you really now going to try and claim that your blatantly incorrect
statement only referred to the files currently being discussed? Go back and
read what you wrote. Your statement, and my disagreement with it, was
clearly a generalisation across any patch ever released for a vulnerability.
That's why it's such as fatuous remark. If you didn't mean to say that,
then you could have pointed it out immediately. You didn't - in fact your
response emphasised that your claim applied in general. Or is the reason
that you didn't point it out is that you have only just realised what a
ridiculous claim it is, and you are now searching for a way to back away
from it?

And if you want to educate yourself as to why it is so incorrect, do this.
Look up "security patch" and "buffer overflow" or similar. Look for the
Windows 2000 examples, because these are most common. Look for cases where
the patch included adding a 'get required buffer size' function - there's
plenty of them. These are the cases where a change to one DLL fixed a
problem in a whole series of other modules. It means that, even though those
other modules were updated and were included in the patch, certain ones that
already included a checked buffer _do_not_have_to_be_installed for the patch
to be effective.
--
Jeff Richards
----------------------------------------

"MEB" <MEB-not-here@hotmail.com> wrote in message
news:Ol1uHsUVKHA.3720@TK2MSFTNGP04.phx.gbl...
> snip <
>
> No your statement was wrong. The files BEING DISCUSSED require the full
> NT OS to function properly and fully. IT SAYS:
> "to accomplish the goal."
>

meb
Posts: 116
Joined: 04 Oct 2009, 23:00

Re: MS09-054: Cumulative security update for Internet Explor

Post by meb »

Jeff Richards wrote:
> Are you really now going to try and claim that your blatantly incorrect
> statement only referred to the files currently being discussed? Go back and
> read what you wrote. Your statement, and my disagreement with it, was
> clearly a generalisation across any patch ever released for a vulnerability.
> That's why it's such as fatuous remark. If you didn't mean to say that,
> then you could have pointed it out immediately. You didn't - in fact your
> response emphasised that your claim applied in general. Or is the reason
> that you didn't point it out is that you have only just realised what a
> ridiculous claim it is, and you are now searching for a way to back away
> from it?
>
> And if you want to educate yourself as to why it is so incorrect, do this.
> Look up "security patch" and "buffer overflow" or similar. Look for the
> Windows 2000 examples, because these are most common. Look for cases where
> the patch included adding a 'get required buffer size' function - there's
> plenty of them. These are the cases where a change to one DLL fixed a
> problem in a whole series of other modules. It means that, even though those
> other modules were updated and were included in the patch, certain ones that
> already included a checked buffer _do_not_have_to_be_installed for the patch
> to be effective.


You are stating that Pa Bear, Microsoft, and I are wrong... provide
that PROOF.

Post the links to your testing results...

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---

meb
Posts: 116
Joined: 04 Oct 2009, 23:00

Re: MS09-054: Cumulative security update for Internet Explor

Post by meb »

MEB wrote:
> Jeff Richards wrote:
>> Are you really now going to try and claim that your blatantly incorrect
>> statement only referred to the files currently being discussed? Go back and
>> read what you wrote. Your statement, and my disagreement with it, was
>> clearly a generalisation across any patch ever released for a vulnerability.
>> That's why it's such as fatuous remark. If you didn't mean to say that,
>> then you could have pointed it out immediately. You didn't - in fact your
>> response emphasised that your claim applied in general. Or is the reason
>> that you didn't point it out is that you have only just realised what a
>> ridiculous claim it is, and you are now searching for a way to back away
>> from it?
>>
>> And if you want to educate yourself as to why it is so incorrect, do this.
>> Look up "security patch" and "buffer overflow" or similar. Look for the
>> Windows 2000 examples, because these are most common. Look for cases where
>> the patch included adding a 'get required buffer size' function - there's
>> plenty of them. These are the cases where a change to one DLL fixed a
>> problem in a whole series of other modules. It means that, even though those
>> other modules were updated and were included in the patch, certain ones that
>> already included a checked buffer _do_not_have_to_be_installed for the patch
>> to be effective.
>
>
> You are stating that Pa Bear, Microsoft, and I are wrong... provide
> that PROOF.
>
> Post the links to your testing results...
>

Here is what I did say:

"you are incorrect or misleading when trying to indicate that other
files from the NTs are not necessary to provide full security
functionality."

It says *full security".

Since you will once again deliberately misstate my intentions and what
I posted, let me define what you need to do to prove the three of us [Pa
Bear, Microsoft, and myself] wrong:

There is a series of fixes within this update:
http://www.microsoft.com/technet/securi ... 9-054.mspx

Explain how *each* addressed vulnerability either doesn't exist in 9X
or how these fixes WILL work in 9X with the testing results to *prove*
that AFTER installation in 9X, these issues ARE fixed..

Also explain WHY not being able to install the DX files and others,
WILL NOT be an issue in 9X.

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---

greg
Posts: 26
Joined: 18 Oct 2009, 23:00

Re: MS09-054: Cumulative security update for Internet Explor

Post by greg »

Answer inline

On Sun, 25 Oct 2009 01:09:39 -0400, "PA Bear [MS MVP]"
<PABearMVP@gmail.com> wrote:

>
>> <QP>
>> It should be a priority for customers who have older releases of the
>> software to migrate to supported releases to prevent potential
>> exposure to vulnerabilities.
>> </QP>
>
>What part of the above don't you understand? Thousands of security
>vulnerabilites have been identified & patched since updates stopped being
>issued for Win9x in July 2006. There's simply no way in h*** that a Win9x
>box could be consider secure these days.
>
>[Are you thinking of Mike Bannigan?]
>

Yes that Mike,

I never said I didn't understand you.

Will right know I am using outpost firewall freeware version.
I am using Avast, will be switching to claimwin.
I am using Firefox 2.0.0.20

As I said in another post, never got infected unless it was my fault.
Downloading a program. There is a Nemo theme that had spyware,
adware and a key logger. (I had to use Norton ghost to restore, but
before I did that. I copied the sounds, wallpaper, and cursorses )

I am kind of surprise to hear that comment from you, saying windows
98se cant be made to be secure.

My next post will include my hijack log




Greg

greg
Posts: 26
Joined: 18 Oct 2009, 23:00

Re: MS09-054: Cumulative security update for Internet Explor

Post by greg »

I am on Dial up.
I have the Free download Manager
I have the HP printer installed
I have Avast
I have Outpost Firewall.
I have google toolbar installed in I.E.
I have the Rage PCI graphics driver installed.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:56:42 AM, on 10/25/09
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM\kernel32.dll
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\AGRSMMSG.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\OUTPOST.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\HPZTSB10.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE (Graphic Drive/progam)
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\FREE DOWNLOAD MANAGER\FUM\FUMOEI.EXE (Free Download
Mananger)
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\TFLASH210\TFLASH.EXE
C:\PROGRAM FILES\OPENOFFICE.ORG 2.1\PROGRAM\SOFFICE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\OPENOFFICE.ORG 2.1\PROGRAM\SOFFICE.BIN
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\MICROSOFT WORKS\WKSDB.EXE
C:\PROGRAM FILES\MICROSOFT WORKS\WKGDCACH.EXE
C:\PROGRAM FILES\MICROSOFT WORKS\MSWORKS.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\MICROSOFT WORKS\WKSDB.EXE
E:\NEWS\AGENTI\AGENT.EXE
C:\HIJACK\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
about:blank
F1 - win.ini: run=hpfsched
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.5.0_15\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class -
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\PROGRAM FILES\FREE
DOWNLOAD MANAGER\IEFDM2.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE"
-atboottime
O4 - HKLM\..\Run: [agrsmMSG] agrsmMSG.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM
FILES\HP\HPCORETECH\HPCMPMGR.EXE" (Disabled-Renamed)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]
C:\WINDOWS\SYSTEM\hpztsb10.exe (Hp printer taskbar)
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe (Graphic program)
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost
Firewall 1.0\outpost.exe /waitservice
O4 - HKLM\..\RunServices: [KB891711]
c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [Tweak UI] RUNDLL32.EXE
TWEAKUI.CPL,TweakLogon
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil
Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [Outpost Firewall] C:\PROGRAM
FILES\AGNITUM\OUTPOST FIREWALL 1.0\outpost.exe /service
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN
Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL
deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free
Download Manager\FUM\fumoei.exe
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "c:\Program Files\MSN
Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Taskbar Display Controls] RunDLL
deskcp16.dll,QUICKRES_RUNDLLENTRY (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Free Uploader Oe Integration] C:\Program
Files\Free Download Manager\FUM\fumoei.exe (User 'Default user')
O4 - .DEFAULT Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office\OSA9.EXE (User 'Default user')
O4 - .DEFAULT Startup: Iomega Startup Options.lnk =
C:\Tools_95\IMGSTART.EXE (User 'Default user')
O4 - .DEFAULT Startup: Turn on.lnk = C:\tflash210\tflash.exe (User
'Default user')
O4 - .DEFAULT Startup: OpenOffice.org 2.1.lnk = C:\Program
Files\OpenOffice.org 2.1\program\quickstart.exe (User 'Default user')
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O4 - Startup: Iomega Startup Options.lnk = C:\Tools_95\IMGSTART.EXE
(I have an Iomega zip drive, not install at the moment)
O4 - Startup: Turn on.lnk = C:\tflash210\tflash.exe
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org
2.1\program\quickstart.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM
FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page -
res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM
FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM
FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English -
res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O8 - Extra context menu item: View This Page in Firefox -
file://C:\Windows\Application
Data\Mozilla\Firefox\Profiles\f2difo0c.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O8 - Extra context menu item: Open Link Target in Firefox -
file://C:\Windows\Application
Data\Mozilla\Firefox\Profiles\f2difo0c.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: Download with Free Download Manager -
file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download all with Free Download Manager
- file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download
Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download
Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
- C:\PROGRAM FILES\JAVA\JRE1.5.0_15\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM
FILES\JAVA\JRE1.5.0_15\BIN\SSV.DLL
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} -
C:\PROGRAM FILES\FREE DOWNLOAD MANAGER\FUM\FUMIEBTN.DLL
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.5.0)

(Domain and Nameserver removed for privacy)

pa bear [ms mvp]
Posts: 117
Joined: 01 Mar 2009, 00:00

Re: MS09-054: Cumulative security update for Internet Explor

Post by pa bear [ms mvp] »

Mike is no longer an MS employee IIRC.

Clamwin is useful though it does NOT include real-time protection.

We don't deal with HJT logs in public newsgroups. In any event, HJT is
pretty useless on Win9x boxes.


Greg wrote:
> Answer inline
>
> On Sun, 25 Oct 2009 01:09:39 -0400, "PA Bear [MS MVP]"
> <PABearMVP@gmail.com> wrote:
>
>>
>>> <QP>
>>> It should be a priority for customers who have older releases of the
>>> software to migrate to supported releases to prevent potential
>>> exposure to vulnerabilities.
>>> </QP>
>>
>> What part of the above don't you understand? Thousands of security
>> vulnerabilites have been identified & patched since updates stopped being
>> issued for Win9x in July 2006. There's simply no way in h*** that a
>> Win9x
>> box could be consider secure these days.
>>
>> [Are you thinking of Mike Bannigan?]
>>
>
> Yes that Mike,
>
> I never said I didn't understand you.
>
> Will right know I am using outpost firewall freeware version.
> I am using Avast, will be switching to claimwin.
> I am using Firefox 2.0.0.20
>
> As I said in another post, never got infected unless it was my fault.
> Downloading a program. There is a Nemo theme that had spyware,
> adware and a key logger. (I had to use Norton ghost to restore, but
> before I did that. I copied the sounds, wallpaper, and cursorses )
>
> I am kind of surprise to hear that comment from you, saying windows
> 98se cant be made to be secure.
>
> My next post will include my hijack log
>
>
>
>
> Greg

jeff richards
Posts: 16
Joined: 24 Mar 2009, 00:00

Re: MS09-054: Cumulative security update for Internet Explor

Post by jeff richards »

"MEB" <MEB-not-here@hotmail.com> wrote in message
news:eFmTUcVVKHA.504@TK2MSFTNGP06.phx.gbl...
> snip<
>
> Here is what I did say:
>
> "you are incorrect or misleading when trying to indicate that other
> files from the NTs are not necessary to provide full security
> functionality."

No. That's not what you said at all. The substantive part of your statement
was:

"Merely because a file or files installs DOES NOT MEAN it provides anything
to an OS
"for which it was not designed."

which is, of course, quite correct. The file may well be completely ignored
by the operating system - the code in that file might never get executed.

and

"It *MAY* contain a fix [within that file], but that also requires *ALL* the
other files
"and their fixes to accomplish the goal, e.g., the security issues attempted
to be fixed."

That's the statement that I quoted and that is the statement that is wrong.
The fact is that, in the case that it does contain a fix, it is quite
possible the the goal of that fix will be accomplished (the security issue
patched) even if some of the other files are not installed.

> It says *full security".

No it doesn't.

> Since you will once again deliberately misstate my intentions and what
> I posted, let me define what you need to do to prove the three of us [Pa
> Bear, Microsoft, and myself] wrong:

I have no idea where you are getting the idea that PA Bear or Microsoft
support your contention that it is not possible for a file to fix a problem
even if other files in the patch are not installed.

If I have mis-stated your intentions, why don't you correct that
mis-statement? Did you or did you not mean to state that _all_ files
contained in a security patch must be installed in order for _any_ file to
be effective in patching the problem?

> There is a series of fixes within this update:
> http://www.microsoft.com/technet/securi ... 9-054.mspx
>
> Explain how *each* addressed vulnerability either doesn't exist in 9X
> or how these fixes WILL work in 9X with the testing results to *prove*
> that AFTER installation in 9X, these issues ARE fixed..

Why? It has nothing to do with the question of whether or not installing
one file out of several will fix the problem that that file was designed to
address.

> Also explain WHY not being able to install the DX files and others,
> WILL NOT be an issue in 9X.

Do you mean that not being able to instal those files means that the fix is
ineffective for 9X(because that's the only way I can make your question
relevant to the issue). If that's what you mean, then the answer is No, I
won't, because I have made no comment as to whether or not your incorrect
statement is relevant to this particular fix, and I'm not going to. Why
should I bother? I only need one example to demonstrate that your claim is
wrong, and there are many easier ones than 054.
--
Jeff Richards
----------------------------------------

meb
Posts: 116
Joined: 04 Oct 2009, 23:00

Re: MS09-054: Cumulative security update for Internet Explor

Post by meb »

Where are your links to tests results and the information as was defined.

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---

meb
Posts: 116
Joined: 04 Oct 2009, 23:00

Re: MS09-054: Cumulative security update for Internet Explor

Post by meb »

Jeff Richards wrote:
> "MEB" <MEB-not-here@hotmail.com> wrote in message
> news:eFmTUcVVKHA.504@TK2MSFTNGP06.phx.gbl...
>> snip<
>>
>> Here is what I did say:
>>
>> "you are incorrect or misleading when trying to indicate that other
>> files from the NTs are not necessary to provide full security
>> functionality."
>
> No. That's not what you said at all. The substantive part of your statement
> was:
>
> "Merely because a file or files installs DOES NOT MEAN it provides anything
> to an OS
> "for which it was not designed."
>
> which is, of course, quite correct. The file may well be completely ignored
> by the operating system - the code in that file might never get executed.
>
> and
>
> "It *MAY* contain a fix [within that file], but that also requires *ALL* the
> other files
> "and their fixes to accomplish the goal, e.g., the security issues attempted
> to be fixed."
>
> That's the statement that I quoted and that is the statement that is wrong.
> The fact is that, in the case that it does contain a fix, it is quite
> possible the the goal of that fix will be accomplished (the security issue
> patched) even if some of the other files are not installed.
>
>> It says *full security".
>
> No it doesn't.
>
>> Since you will once again deliberately misstate my intentions and what
>> I posted, let me define what you need to do to prove the three of us [Pa
>> Bear, Microsoft, and myself] wrong:
>
> I have no idea where you are getting the idea that PA Bear or Microsoft
> support your contention that it is not possible for a file to fix a problem
> even if other files in the patch are not installed.
>
> If I have mis-stated your intentions, why don't you correct that
> mis-statement? Did you or did you not mean to state that _all_ files
> contained in a security patch must be installed in order for _any_ file to
> be effective in patching the problem?
>
>> There is a series of fixes within this update:
>> http://www.microsoft.com/technet/securi ... 9-054.mspx
>>
>> Explain how *each* addressed vulnerability either doesn't exist in 9X
>> or how these fixes WILL work in 9X with the testing results to *prove*
>> that AFTER installation in 9X, these issues ARE fixed..
>
> Why? It has nothing to do with the question of whether or not installing
> one file out of several will fix the problem that that file was designed to
> address.
>
>> Also explain WHY not being able to install the DX files and others,
>> WILL NOT be an issue in 9X.
>
> Do you mean that not being able to instal those files means that the fix is
> ineffective for 9X(because that's the only way I can make your question
> relevant to the issue). If that's what you mean, then the answer is No, I
> won't, because I have made no comment as to whether or not your incorrect
> statement is relevant to this particular fix, and I'm not going to. Why
> should I bother? I only need one example to demonstrate that your claim is
> wrong, and there are many easier ones than 054.

PROVE IT with *THESE* files being discussed. Let me refresh your memory:

Since you will once again deliberately misstate my intentions and what
I posted, let me define what you need to do to prove the three of us [Pa
Bear, Microsoft, and myself] wrong:

There is a series of fixes within this update:
http://www.microsoft.com/technet/securi ... 9-054.mspx

Explain how *each* addressed vulnerability either doesn't exist in 9X
or how these fixes WILL work in 9X with the testing results to *prove*
that AFTER installation in 9X, these issues ARE fixed..

Also explain WHY not being able to install the DX files and others,
WILL NOT be an issue in 9X.

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---

greg
Posts: 26
Joined: 18 Oct 2009, 23:00

Re: MS09-054: Cumulative security update for Internet Explor

Post by greg »

On Mon, 26 Oct 2009 08:30:07 -0400, 98 Guy <98@Guy.com> wrote:

>MEB wrote:
>
>> There is a series of fixes within this update:
>> http://www.microsoft.com/technet/securi ... 9-054.mspx
>>
>> Explain how *each* addressed vulnerability either doesn't exist
>> in 9X
>
>There is not enough information published about those vulnerabilities,
>as well as not enough information published about the working details of
>Windows 98, to be able to "prove" in a court of law that win-9x does not
>suffer those vulnerabilities.
>
>You are once again asking for proof of a negative condition, which
>logically speaking is a difficult if not impossible task.
>
>> or how these fixes WILL work in 9X with the testing results
>> to *prove* that AFTER installation in 9X, these issues ARE
>> fixed..
>
>Does anyone else find it interesting that Meb is *demanding* such proof,
>testing, etc, when no such "proof" or evidence of testing has ever been
>put forward by Microsoft itself as it relates to the target OS for which
>the fixes have been created for and applied to?
>
>> Also explain WHY not being able to install the DX files and
>> others, WILL NOT be an issue in 9X.
>
>Again, another request for a proof of a negative condition.
>
>I will restate that you hold a double standard with regard to these
>patch files.
>
>You demand to see evidence of testing, explanations of how the tests
>were performed, etc, for these file with regard to win-9x, while at the
>same time you make no similar demands of Microsoft to show how these
>patches did pass any level of testing for the target OS which they were
>designed for.
>
>The lack of published test methodology and example results (by microsoft
>or anyone else) for these patches means there is no precedent for anyone
>to follow if they cared to test them on win-98.
>
>Your constant badgering for testing is therefore vaccuous and inane, and
>amounts to nothing more than noise.


98guy
Doesn't Microsoft test files before they are released? I wouldnt be
surprised if they test if on a 9x machine, to make sure it wont be
installed without being modified.


Greg

Post Reply