Q329077: Security Update (security update for MS java implementation)

The following is so new that the only information is the critical update description on WindowsUpdate:

Q329077: Security Update
Download size: 164 KB, < 1 minute
This update resolves the "Java Applet" vulnerabilities in Microsoft virtual machine (Microsoft VM).

The read more link does not even work yet.

Check out windowsupdate.microsoft.com now to see if your system needs this update (which it probably does).

-Javacool

 

UPDATE: At this time, it seems to be available ONLY for Windows 2000 and XP.

-Javacool

 

wooo! this must be new!

Javacool - i just read your post and went to the window's update and it said there were no critical,or security updates listed for me. Is this security update something over and above the sp1? i checked all the other updates i had d/l'ed prior to sp1, but that Q329077 wasn't listed.

the link above didn't seem to refer to XP unless they've changed it since you posted your message?

snap

 

It is above and beyond Windows XP SP1, yes.

I had it appear on my Windows Update (and others have had the same scenario).

It is possible they removed it until documentation is up (I couldn't tell you).

Or, it could just be possible that you dont have the MS Java Run-time installed, and have the better, more secure, official Sun Java plug-in for IE.

UPDATE: I have gotten confirmation that the update was removed (although I have no clue why - probably the documentation issue). Look for it soon (with any luck).

-Javacool

 

javacool, noticed your comment about the read more link not working. If you are referring to the read me first link, none of them work for me since installing service pack 1 on IE6.0. Can anyone else confirm this for me? One of the guys I work with has the same issue. TIA.

 

hi there Vietnam_Vet - i am not sure which read-me first links you mean, but when i go to the M$ update site all the links (read more), etc all work for me, and i installed the sp1 on IE6 first, then installed the sp1 for XP. Maybe it changed your settings? (i know you have to have javascript/active x enabled to view the update site)...just a thought.

javacool - i am not sure if i have the MS Java run-time installed or not----i know i should know if i do, but i don't know....i looked but not sure what i was looking for. i do have the Sun Java Runtime Environment 1.4 installed for Opera though. But i think you are right, they must have removed the link to the critical patch until they get the documentation finalized-----they know we're going to look it over carefully!

snap

 

Guess that's why I haven't seen it on my Win98SE system running IE 6 SP1 (I do have the Java VM installed).

Parallel thread at dslreports:

Q329077: Security Update -security update for java
http://www.dslreports.com/forum/remark,4440855~root=security,1~mode=flat

 

Can't find it yet; my last security bulletin on the VM was 18 March 2002
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-013.asp
And taking that one did repair lots of the problems i had!
Please check it out for yourself, as it is for all windows versions. If you did not have java installed with this you have

 

I just installed the Internet Explorer 6.0 SP1 the other day and now can not access my real mail account via the Web. They use Java...
Tried resetting my setting and still no go. Good thing I chose to save old files to reverse the dang thing....

 

Hi, snapdragin, perhaps I should have mentioned that I am on Win98SE. At the windows update site, there is a short description of each update available. At the end of this description, there is a link:read me first. I don't know if this is the same as your read more link or not(maybe just worded differently). My coworker(WinME) and myself have the same problem, the links no longer work. I think my settings remain the same as before the update, but am open to suggestions here. Everything else on the site or any other site I visit works as always so far. Hope that is a little bit easier to understand in regards to my problem.

 

Hello,All

Ok i was thinking that if you get the
Internet Explorer 6.0 SP1 that there
would be no need to get anymore
windows update for a time Right / Wrong

but one good thing that has happen
when i got the IE6.0 SP1 is i can go to
the win update & download updates when
before i could not get any updates

one more thing do i or should i download
all the updates at Windows update site
some have a date as old as 1999
should i download all of them

Thanks to All

 

If WindowsUpdate is showing that your system needs those updates, then in most cases, I would recommend yes (however, if the updates are driver updates, you may want to get those directly from the equipment manufacturer, as WindowsUpdate seems to frequently mis-identify my hardware and offer me incorrect drivers).

Hope this helps.

-Javacool

 

UPDATE: Supposedly, this update is now officially online!

Check WindowsUpdate to see if it shows the update for you now - I've heard it is now available for all Windows versions.

-Javacool

 

Yep, that's right.

See:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-052.asp

Who should read this bulletin: All customers using Microsoft® Windows®.

Impact of vulnerability: Three vulnerabilities, the most serious of which could enable an attacker to gain complete control over a user’s system.

Maximum Severity Rating: Critical

Recommendation: Customers should apply the patch immediately.



I've got it through Windows Update on my Win 98 SE.

 

it was available for d/l for me also, but i read a li'l further since i wasn't sure if i had this VM stuff installed or not.....heh, M$ even had it under the Most Frequently Asked Questions LOL! So i thought i'd post it here incase anyone else wonders how to find out if they have M$'s VM and what build.

(taken from M$'s update site Frequently Asked Questions for this Security Update, and shortened a bit by me to limit repetition)

If you’re using any of the following versions of Windows, you definitely have the Microsoft VM installed:

Microsoft Windows 95/98/98SE/ME/NT4.0 with SP1/2000/XP with SP1 The Microsoft VM also shipped as part of several versions of Internet Explorer and other products, so even customers using Windows NT 4.0 Gold or Windows XP Gold could potentially have it installed.

If you’re in doubt about whether you have it installed, do the following:

Select Start, then Run.
On Windows 95, 98, or Me, type “command” (without the quotes). Hit the enter key.
On Windows NT 4.0, 2000, or XP, type “cmd” (without the quotes). Hit the enter key.
In the resulting command box, type “Jview” (without the quotes).
If a program runs, you have the Microsoft VM installed.
If you receive an error saying that no program by that name exists, you don’t.

Q. How can I tell what version (build #) of the Microsoft VM I’m using?
In the topmost line of the resulting listing, you should see a version number of the form x.yy.zzzz. The final four digits are the version number.

Q. Once I know the version number, what should I do?

A. If the version number is. . . .
Less than 3805 - You should Upgrade to build 3805, then apply the patch.
3805 - Apply the patch.
More than 3805 - Do nothing. You’re using a version that’s already protected against these vulnerabilities.

-------------------
the part where it mentioned about upgrading first if the build was LESS than 3805, i thought might be important for some to know.

snap

 

I installed this update with the result that I couldnot reach the internet nor could I send or receive mail. My computer was complete sealed off from the outside world. So I removed it and everything is back to normal.
Witchy.

 

I can not duplicate this on any of my installations, nor have I heard anything else about this problem.

You may want to report it to MS with any crash reports that were created.

-Javacool

 

Win98se, IE 5.5sp2

Installed the update. No problem. Would like to d/l & save it, but apparently it's not available for home users like me

Just a matter of time, or what??

- J -