Q329077: Security Update (security update for MS java implementation)

Discussion in 'other security issues & news' started by javacool, Sep 16, 2002.

Thread Status:
Not open for further replies.
  1. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,995
    The following is so new that the only information is the critical update description on WindowsUpdate:

    Q329077: Security Update
    Download size: 164 KB, < 1 minute
    This update resolves the "Java Applet" vulnerabilities in Microsoft virtual machine (Microsoft VM).

    The read more link does not even work yet.

    Check out windowsupdate.microsoft.com now to see if your system needs this update (which it probably does).

    -Javacool
     
  2. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,995
    UPDATE: At this time, it seems to be available ONLY for Windows 2000 and XP.

    -Javacool
     
  3. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    wooo! this must be new!

    Javacool - i just read your post and went to the window's update and it said there were no critical,or security updates listed for me. Is this security update something over and above the sp1? i checked all the other updates i had d/l'ed prior to sp1, but that Q329077 wasn't listed.

    the link above didn't seem to refer to XP unless they've changed it since you posted your message?

    snap
     
  4. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,995
    It is above and beyond Windows XP SP1, yes.

    I had it appear on my Windows Update (and others have had the same scenario).

    It is possible they removed it until documentation is up (I couldn't tell you).

    Or, it could just be possible that you dont have the MS Java Run-time installed, and have the better, more secure, official Sun Java plug-in for IE.

    UPDATE: I have gotten confirmation that the update was removed (although I have no clue why - probably the documentation issue). Look for it soon (with any luck).

    -Javacool
     
  5. Vietnam Vet

    Vietnam Vet Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    306
    javacool, noticed your comment about the read more link not working. If you are referring to the read me first link, none of them work for me since installing service pack 1 on IE6.0. Can anyone else confirm this for me? One of the guys I work with has the same issue. TIA.
     
  6. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    hi there Vietnam_Vet - i am not sure which read-me first links you mean, but when i go to the M$ update site all the links (read more), etc all work for me, and i installed the sp1 on IE6 first, then installed the sp1 for XP. Maybe it changed your settings? (i know you have to have javascript/active x enabled to view the update site)...just a thought.

    javacool - i am not sure if i have the MS Java run-time installed or not----i know i should know if i do, but i don't know....i looked but not sure what i was looking for. i do have the Sun Java Runtime Environment 1.4 installed for Opera though. But i think you are right, they must have removed the link to the critical patch until they get the documentation finalized-----they know we're going to look it over carefully! ;)

    snap
     
  7. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    Guess that's why I haven't seen it on my Win98SE system running IE 6 SP1 (I do have the Java VM installed). :D

    Parallel thread at dslreports:

    Q329077: Security Update -security update for java
    http://www.dslreports.com/forum/remark,4440855~root=security,1~mode=flat
     
  8. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Can't find it yet; my last security bulletin on the VM was 18 March 2002
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-013.asp
    And taking that one did repair lots of the problems i had!
    Please check it out for yourself, as it is for all windows versions. If you did not have java installed with this you have :)
     
  9. controler

    controler Guest

    I just installed the Internet Explorer 6.0 SP1 the other day and now can not access my real mail account via the Web. They use Java...
    Tried resetting my setting and still no go. Good thing I chose to save old files to reverse the dang thing....
     
  10. Vietnam Vet

    Vietnam Vet Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    306
    Hi, snapdragin, perhaps I should have mentioned that I am on Win98SE. At the windows update site, there is a short description of each update available. At the end of this description, there is a link:read me first. I don't know if this is the same as your read more link or not(maybe just worded differently). My coworker(WinME) and myself have the same problem, the links no longer work. I think my settings remain the same as before the update, but am open to suggestions here. Everything else on the site or any other site I visit works as always so far. Hope that is a little bit easier to understand in regards to my problem.
     
  11. AAP

    AAP Guest

    Hello,All

    Ok i was thinking that if you get the
    Internet Explorer 6.0 SP1 that there
    would be no need to get anymore
    windows update for a time Right / Wrong

    but one good thing that has happen
    when i got the IE6.0 SP1 is i can go to
    the win update & download updates when
    before i could not get any updates

    one more thing do i or should i download
    all the updates at Windows update site
    some have a date as old as 1999
    should i download all of them

    Thanks to All
     
  12. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,995
    If WindowsUpdate is showing that your system needs those updates, then in most cases, I would recommend yes (however, if the updates are driver updates, you may want to get those directly from the equipment manufacturer, as WindowsUpdate seems to frequently mis-identify my hardware and offer me incorrect drivers).

    Hope this helps.

    -Javacool
     
  13. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,995
    UPDATE: Supposedly, this update is now officially online!

    Check WindowsUpdate to see if it shows the update for you now - I've heard it is now available for all Windows versions.

    -Javacool
     
  14. FanJ

    FanJ Guest

    Yep, that's right.

    See:
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-052.asp

    Who should read this bulletin: All customers using Microsoft® Windows®.

    Impact of vulnerability: Three vulnerabilities, the most serious of which could enable an attacker to gain complete control over a user’s system.

    Maximum Severity Rating: Critical

    Recommendation: Customers should apply the patch immediately.



    I've got it through Windows Update on my Win 98 SE.
     
  15. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    it was available for d/l for me also, but i read a li'l further since i wasn't sure if i had this VM stuff installed or not.....heh, M$ even had it under the Most Frequently Asked Questions LOL! So i thought i'd post it here incase anyone else wonders how to find out if they have M$'s VM and what build.

    (taken from M$'s update site Frequently Asked Questions for this Security Update, and shortened a bit by me to limit repetition)

    If you’re using any of the following versions of Windows, you definitely have the Microsoft VM installed:

    Microsoft Windows 95/98/98SE/ME/NT4.0 with SP1/2000/XP with SP1 The Microsoft VM also shipped as part of several versions of Internet Explorer and other products, so even customers using Windows NT 4.0 Gold or Windows XP Gold could potentially have it installed.

    If you’re in doubt about whether you have it installed, do the following:

    Select Start, then Run.
    On Windows 95, 98, or Me, type “command” (without the quotes). Hit the enter key.
    On Windows NT 4.0, 2000, or XP, type “cmd” (without the quotes). Hit the enter key.
    In the resulting command box, type “Jview” (without the quotes).
    If a program runs, you have the Microsoft VM installed.
    If you receive an error saying that no program by that name exists, you don’t.

    Q. How can I tell what version (build #) of the Microsoft VM I’m using?
    In the topmost line of the resulting listing, you should see a version number of the form x.yy.zzzz. The final four digits are the version number.

    Q. Once I know the version number, what should I do?

    A. If the version number is. . . .
    Less than 3805 - You should Upgrade to build 3805, then apply the patch.
    3805 - Apply the patch.
    More than 3805 - Do nothing. You’re using a version that’s already protected against these vulnerabilities.

    -------------------
    the part where it mentioned about upgrading first if the build was LESS than 3805, i thought might be important for some to know.

    snap
     
  16. Witchy

    Witchy Guest

    I installed this update with the result that I couldnot reach the internet nor could I send or receive mail. My computer was complete sealed off from the outside world. So I removed it and everything is back to normal.
    Witchy.
     
  17. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,995
    I can not duplicate this on any of my installations, nor have I heard anything else about this problem. :doubt:

    You may want to report it to MS with any crash reports that were created.

    -Javacool
     
  18. mapsonx

    mapsonx Registered Member

    Joined:
    Apr 24, 2002
    Posts:
    39
    Win98se, IE 5.5sp2

    Installed the update. No problem. Would like to d/l & save it, but apparently it's not available for home users like me o_O

    Just a matter of time, or what??

    - J - :)
     
Loading...
Thread Status:
Not open for further replies.