Today, Microsoft released the following Security Bulletin:
http://www.microsoft.com/technet/sec.../ms04-023.mspx
Microsoft Security Bulletin MS04-023
Vulnerability in HTML Help Could Allow Code Execution (840315)

Issued: July 13, 2004
Version: 1.0
Executive Summary:
This update resolves two newly-discovered vulnerabilities. The HTML Help
vulnerability was privately reported and the showHelp vulnerability is
public. Each vulnerability is documented in this bulletin in its own
Vulnerability Details section.
If a user is logged on with administrative privileges, an attacker who
successfully exploited the most severe of these vulnerabilities could take
complete control of an affected system, including installing programs;
viewing, changing, or deleting data; or creating new accounts that have full
privileges. Users whose accounts are configured to have fewer privileges on
the system would be at less risk than users who operate with administrative
privileges.
We recommend that customers apply the update immediately

Summary
Who should read this document: Customers who use Microsoft® Windows®
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Customers should apply the update immediately.
Security Update Replacement: None
Caveats: Windows NT Workstation 4.0, Windows NT Server 4.0 and Windows NT
4.0 Terminal Server Edition are not affected by default. However if you have
installed Internet Explorer 5.5 Service Pack 2 or Internet Explorer 6.0
Service Pack 1 you will have the vulnerable component on your system.
Tested Software and Security Update Download Locations:
Affected Software:
..Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack
3, Microsoft Windows 2000 Service Pack 4 - Download the update
..Microsoft Windows XP and Microsoft Windows XP Service Pack 1 - Download the
update
..Microsoft Windows XP 64-Bit Edition Service Pack 1 - Download the update
..Microsoft Windows XP 64-Bit Edition Version 2003 - Download the update
..Microsoft Windows ServerT 2003 - Download the update
..Microsoft Windows Server 2003 64-Bit Edition - Download the update
..Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
Microsoft Windows Millennium Edition (Me) - Review the FAQ section of this
bulletin for details about these operating systems.

Thank you, Emily! I was just about to post these new Bulletins to the win98.gen_discussion group.

This is a great service to Windows newsgroups users, and I hope we can expect it to become a regular feature in our groups.

--
Gary S. Terhune
MS MVP for Win9x

"Emily F [MSFT]" <emilyf@onliner.microsoft.com> wrote in message news:OryJiiQaEHA.2516@TK2MSFTNGP10.phx.gbl...

The Update related to this Securty Bulletin is now available at Windows Updates for Windows 98/98SE and Millennium Edition (at least, it's in the Catalog.) Since there is no Windows Updates for Windows 95, I figure Win95 users are SOL due to the following FAQ in the Bulletin:

Q. Are Windows 98, Windows 98 Second Edition, or Windows Millennium Edition critically affected by any of the vulnerabilities that are addressed in this security bulletin?

A. Yes. Security updates will be made available as soon as possible following the release. When these security updates are available, you will be able to download them only from the Windows Update Web site.

--
Gary S. Terhune
MS MVP for Win9x

"Emily F [MSFT]" <emilyf@onliner.microsoft.com> wrote in message news:OryJiiQaEHA.2516@TK2MSFTNGP10.phx.gbl...

And I notice the other 2 say No to that Q.

--
Brian A.

Jack of all trades, Master of none.
One can never truly be a master as there is always more to learn.


"Gary S. Terhune" <grystnews@mvps.org> wrote in message news:uJSd89SaEHA.524@TK2MSFTNGP09.phx.gbl...
The Update related to this Securty Bulletin is now available at Windows Updates for Windows 98/98SE and Millennium Edition (at least, it's in the Catalog.) Since there is no Windows Updates for Windows 95, I figure Win95 users are SOL due to the following FAQ in the Bulletin:

Q. Are Windows 98, Windows 98 Second Edition, or Windows Millennium Edition critically affected by any of the vulnerabilities that are addressed in this security bulletin?

A. Yes. Security updates will be made available as soon as possible following the release. When these security updates are available, you will be able to download them only from the Windows Update Web site.

--
Gary S. Terhune
MS MVP for Win9x

"Emily F [MSFT]" <emilyf@onliner.microsoft.com> wrote in message news:OryJiiQaEHA.2516@TK2MSFTNGP10.phx.gbl...

Yeah, I noticed. And had already spouted off in another forum about this issue when I made the mistake of cranking up two massive printers at once, overloading my UPSes, and crashing everything, even my router.

Decided it might be a good time to go do something else for a while, <g>.

--
Gary S. Terhune
MS MVP for Win9x

"Brian A." <GoneFishn@aFarAwayLake> wrote in message news:e62LgITaEHA.4048@TK2MSFTNGP10.phx.gbl...
And I notice the other 2 say No to that Q.

--
Brian A.

Jack of all trades, Master of none.
One can never truly be a master as there is always more to learn.


"Gary S. Terhune" <grystnews@mvps.org> wrote in message news:uJSd89SaEHA.524@TK2MSFTNGP09.phx.gbl...
The Update related to this Securty Bulletin is now available at Windows Updates for Windows 98/98SE and Millennium Edition (at least, it's in the Catalog.) Since there is no Windows Updates for Windows 95, I figure Win95 users are SOL due to the following FAQ in the Bulletin:

Q. Are Windows 98, Windows 98 Second Edition, or Windows Millennium Edition critically affected by any of the vulnerabilities that are addressed in this security bulletin?

A. Yes. Security updates will be made available as soon as possible following the release. When these security updates are available, you will be able to download them only from the Windows Update Web site.

--
Gary S. Terhune
MS MVP for Win9x

"Emily F [MSFT]" <emilyf@onliner.microsoft.com> wrote in message news:OryJiiQaEHA.2516@TK2MSFTNGP10.phx.gbl...

It *says* no Win9x is supported in the Bulletin for MS04-018, but there actually is a patch available to Win98/98SE users--*if* they have IE6SP1 installed

The only version for OE5.5SP2 is on the ME platform. The only patch for OE6.0 is on the WinXP platform.

All in all, it's a real messy situation.

--
Gary S. Terhune
MS MVP for Win9x

"Brian A." <GoneFishn@aFarAwayLake> wrote in message news:e62LgITaEHA.4048@TK2MSFTNGP10.phx.gbl...
And I notice the other 2 say No to that Q.

--
Brian A.

Jack of all trades, Master of none.
One can never truly be a master as there is always more to learn.


"Gary S. Terhune" <grystnews@mvps.org> wrote in message news:uJSd89SaEHA.524@TK2MSFTNGP09.phx.gbl...
The Update related to this Securty Bulletin is now available at Windows Updates for Windows 98/98SE and Millennium Edition (at least, it's in the Catalog.) Since there is no Windows Updates for Windows 95, I figure Win95 users are SOL due to the following FAQ in the Bulletin:

Q. Are Windows 98, Windows 98 Second Edition, or Windows Millennium Edition critically affected by any of the vulnerabilities that are addressed in this security bulletin?

A. Yes. Security updates will be made available as soon as possible following the release. When these security updates are available, you will be able to download them only from the Windows Update Web site.

--
Gary S. Terhune
MS MVP for Win9x

"Emily F [MSFT]" <emilyf@onliner.microsoft.com> wrote in message news:OryJiiQaEHA.2516@TK2MSFTNGP10.phx.gbl...

It appears to offer just TWO of them to me... ME!... a fully updated
Win98SE IE6 SP1. How many are you getting? Can it be, the third will be
offered only after one these has been installed?

........Quote............................
Cumulative Security Update for Outlook Express 6 SP1 (KB823353)
Download size: 1.9 MB, 6 minutes
A vulnerability exists in Outlook Express that could allow an attacker
to cause Outlook Express to fail. You can help protect your computer by
installing this update. After you install this update you may need to
restart your computer. Read more...

Remove
Security Update for Windows 98 (KB840315)
Download size: 202 KB, < 1 minute
A security issue has been identified that could allow an attacker to
compromise a computer running Windows and gain control over it. You can
help protect your computer by installing this update from Microsoft.
After you install this item, you may have to restart your computer. Once
you have installed this item, it cannot be removed. Read more...
........End of quote...................

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR
pcrrcp@netzero.net
"Brian A." <GoneFishn@aFarAwayLake> wrote in message
news:e62LgITaEHA.4048@TK2MSFTNGP10.phx.gbl...
And I notice the other 2 say No to that Q.

--
Brian A.

Jack of all trades, Master of none.
One can never truly be a master as there is always more to learn.


"Gary S. Terhune" <grystnews@mvps.org> wrote in message
news:uJSd89SaEHA.524@TK2MSFTNGP09.phx.gbl...
The Update related to this Securty Bulletin is now available at Windows
Updates for Windows 98/98SE and Millennium Edition (at least, it's in
the Catalog.) Since there is no Windows Updates for Windows 95, I
figure Win95 users are SOL due to the following FAQ in the Bulletin:

Q. Are Windows 98, Windows 98 Second Edition, or Windows Millennium
Edition critically affected by any of the vulnerabilities that are
addressed in this security bulletin?

A. Yes. Security updates will be made available as soon as possible
following the release. When these security updates are available, you
will be able to download them only from the Windows Update Web site.

--
Gary S. Terhune
MS MVP for Win9x

"Emily F [MSFT]" <emilyf@onliner.microsoft.com> wrote in message
news:OryJiiQaEHA.2516@TK2MSFTNGP10.phx.gbl...