Broadband Tech > Security > Security > Microsoft Security Bulletin Revisions

Microsoft Security Bulletin Revisions

After installing both these updates this afternoon on 98SE, the cursor has moved eratically and my system has locked several times, internet access blocked, hard reboots required.

I've uninstalled both patches, restored previous hlink.dll file, restored previous good registry, and still have problem. Uninstall does not fix problems.

Should have known better than to DL MS patches immediately.

Anyone else?

reply to Goldengamego
I installed them on my XP Pro system and haven't noticed any problems.

mady
--
Honi soit qui mal y pense

reply to SUMware

reply to Goldengamego
Installed both updates and things are still working fine on this Win98 SP1 system. Pretty small downloads, though... 176Kb and 149Kb for 888113, 891711 respectively and no reboot required afterwards - at least on this computer.
--
If God wanted us to work with electrons, He'd make them big enough to see...

reply to Goldengamego
BTW: If you want to receive these emails from MS when a security bulletin is revised go to »profile.micoosft.com and subscribe to the "Microsoft Security Notification Service: Comprehensive Version" list.

Don't ask why they didn't include these in with the standard bulletin emails, that apparently made to much sense

EDIT: https

--
Because Goldengamegod won't fit:p

reply to Goldengamego
Still trying to track this down. Before these patches I never had any problems with Firefox. Now, while browsing, my system periodically freezes suddenly. Same with IE.

When I open both browsers at same time my system locks. Never happened before. And mouse behavior is erratic with previously ok settings.

I've cleaned, scanned, restored & rebuilt registry, uninstalled patches, etc. Weird. Never had a problem like this before. My system was very stable.

Will keep at it. Thank you all for your responses.

As you've already observed, both patches supposedly are uninstallable via Add/Remove. FWIW, buried down within the Vulnerability Details FAQ of each patch is a brief explanation of what each general "fix" was that was patched into Win98:

MS05-002/891711 »www.microsoft.com/technet/securi···002.mspx
"Cursor & Icon Handling Vulnerability
What does the update do?
The update removes the vulnerability by modifying the way that cursors, animated cursor, and icon formats are validated prior to rendering."

MS05-015/888113 »www.microsoft.com/technet/securi···015.mspx
Hyperlink Object Library Vulnerability
"What does the update do?
The update removes the vulnerability by modifying the way that the Hyperlink Object Library validates the length of a message before it passes the message to the allocated buffer."

Note: The 888113 update installs file 888113.qfe in \Windows\System; no other new files appear to have been installed by either patch, at least on my Win98 system.
--
If God wanted us to work with electrons, He'd make them big enough to see...

- - quote - -
Note: The 888113 update installs file 888113.qfe in \Windows\System; no other new files appear to have been installed by either patch, at least on my Win98 system.
- - end quote - -

Hi,

I installed those MS updates yesterday on my W98SE (Dutch).
I do have new files (report from NIS File Check):

Application: c:\windows\system\kb891711\kb891711.exe
Status: New added
Version old: 4.10.2222
Size old: 9056
Date old: 2005-02-22 18:07:56
RMD160 Hash old: A79998C78A8C2DA1B7C7504F593B56CD29A4E1C5

Application: c:\windows\options\cabs\hlink.dll
Status: New added
Version old: 5.2.3790.227 (srv03_qfe.040918
Size old: 68608
Date old: 2004-11-16 13:35:36
RMD160 Hash old: B29114D0F93512562AAB885D3B800BB075408CFD

Application: c:\windows\system\kb891711\q891711.dll
Status: New added
Version old: 4.10.2222
Size old: 4288
Date old: 2005-02-18 09:53:06
RMD160 Hash old: F6A69FFF80047E05801523445506CFC501AD6B30

And some files were changed.

As for this one:
c:\windows\system\kb891711\kb891711.exe
That one is now running all the time.
I wonder whether others (either on W98SE or XP) see that same one.

Note:
My file integrity checker NIS File Check checks several thousands of files.
I still have to run my other file integrity checker ADinf32 pro, that checks ALL files.

Thanks !
Cheers, Jan.

reply to SUMware
Hi SUMware,

installed the 2 fixes yesterday on a Win98SE PC with IE6sp1,
and everything is smooth.

FWIW, you could try to change your mouse.
I had one time such a trouble, and it came from the mouse.

Charles.

reply to Jrb2
Oooops... my bad! I have a small utility that monitors the root, \Windows, and \Windows\System folders for any added files, but it ignores added folders and any contained files - so it missed the ones you noted. I erred in relying alone on its output during my quick check of installation changes, and forgot about checking for possible added folders. Indeed, they too were added/altered just as with your listing. Sorry for the confusion...
--
If God wanted us to work with electrons, He'd make them big enough to see...

reply to SUMware

reply to Goldengamego
Thanks for the suggestion Charles. The mouse/cursor was fine till the patches were applied. Patch 891711 "modifying the way that cursors, animated cursor, and icon formats are validated prior to rendering". So it wouldn't surprise me if there was a connection.

I am considering reinstalling MS Intellimouse drivers after exhausting all other possibilities. I want to know what happened. Problem(s) is not registry based. So I'm hoping that it's not a shell problem. I've not detected any corrupt files after several SFC full C:\ drive scans, just the file changes detailed above.

Evidently this situation has not manifest itself elsewhere on other people's boxes. That's good news!

--------------

No problem Blackbird. Appreciate your input.

reply to Blackbird
Exactly, that's why I manually deleted newly installed files, restored old files & registry, etc.

This is very irritating.

reply to SUMware

Yep. I concur. It's a bit strange that system file checker shows no corrupt files. Or maybe I should be happy about that. So drivers themselves are probably not the culprit. Perhaps an interface somewhere is.

I now believe that something extraordinary occurred during my particular install (perhaps a download/connection hiccup) that is most likely not MS related.

In any event I'll run like this for another day, then try a mouse software reinstall.

In a total perspective, it's not a disaster. I'll deal with it. More poking and experimenting ahead.

reply to Goldengamego
Is it really necessary for KB891711.exe to be running in the backround, because I like to keep a minimal of process' running? Can it be removed from running during start up without any conflicts?

I suppose you could always kill the service in System Configuration (Startup) and find out if Windows hiccups... . At a minimum, you will lose the essentially real-time validation of icon and cursor formats against the possible exploits MS is trying to block. Of course, if MS has "wired" the patch service directly between existing major code modules, your system may go belly up.

If you really want the service to go away, you could always simply uninstall the 891711 patch completely via Add/Remove.

As I recall, there were none of these exploits known to exist in the wild at the time of the patch creation - but, as we all know, that can change in minutes. I do know that I'd not hit any risky websites or download much of anything with the patch disabled though...
--
If God wanted us to work with electrons, He'd make them big enough to see...

reply to Goldengamego

said by Goldengamego:

BTW: If you want to receive these emails from MS when a security bulletin is revised go to »profile.micoosft.com and subscribe to the "Microsoft Security Notification Service: Comprehensive Version" list.

Don't ask why they didn't include these in with the standard bulletin emails, that apparently made to much sense

EDIT: https