IE6 SP1 Security Update

Tutorials Win: Microsoft Windows Forum

Note ME Users: Security Update for IE6 SP1 KB833989 automatic update,
today, 10-06-2006.
Ed
Top

Re: IE6 SP1 Security Update by Mike

Mike
Fri Oct 06 11:12:15 CDT 2006

Ed Meza <tony24_nospam@peoplepc.com> wrote:

> Note ME Users: Security Update for IE6 SP1 KB833989 automatic update,
> today, 10-06-2006.

You're just a little late here Ed. This update has been available since
September 2004. You may have triggered it by installing a vulnerable
version of MSOffice.
--
Mike Maltby
MS-MVP Windows
mike.maltby@gmail.com



Top

Re: IE6 SP1 Security Update by webster72n

webster72n
Fri Oct 06 11:15:51 CDT 2006

Ed:

I checked and didn't find any new update besides the existing. Could you
have missed the last one?
Curious,

Harry.


"Ed Meza" <tony24_nospam@peoplepc.com> wrote in message
news:qYuVg.3933$Lv3.272@newsread1.news.pas.earthlink.net...
> Note ME Users: Security Update for IE6 SP1 KB833989 automatic update,
> today, 10-06-2006.
> Ed
>
>
>
>


Top

Re: IE6 SP1 Security Update by Mike

Mike
Fri Oct 06 11:36:49 CDT 2006

webster72n <webster72n@gmail.com> wrote:

> I checked and didn't find any new update besides the existing. Could
> you have missed the last one?
> Curious,

Harry,

The 833989 hotfix was released in September 2004.
--
Mike Maltby
mike.maltby@gmail.com


Top

Re: IE6 SP1 Security Update by webster72n

webster72n
Fri Oct 06 13:40:24 CDT 2006


Sure thing, Mike, thank you.

Harry.


"Mike M" <No_Spam@Corned_Beef.Only> wrote in message
news:uqLQJWW6GHA.4604@TK2MSFTNGP03.phx.gbl...
> webster72n <webster72n@gmail.com> wrote:
>
> > I checked and didn't find any new update besides the existing. Could
> > you have missed the last one?
> > Curious,
>
> Harry,
>
> The 833989 hotfix was released in September 2004.
> --
> Mike Maltby
> mike.maltby@gmail.com
>
>


Top

Re: IE6 SP1 Security Update by Ed

Ed
Fri Oct 06 13:45:22 CDT 2006

I don't doubt that this update was available in September 2004 (I did not
have a PC at that time). I have not installed any version of MSOffice.
This morning I was prompted to install the automatic update by the operating
system, thus the auto update in the installation history refects today's
date: 10-06-2006.
Thanks,
Ed
"Mike M" <No_Spam@Corned_Beef.Only> wrote in message
news:%23PwicIW6GHA.2248@TK2MSFTNGP04.phx.gbl...
> Ed Meza <tony24_nospam@peoplepc.com> wrote:
>
> > Note ME Users: Security Update for IE6 SP1 KB833989 automatic update,
> > today, 10-06-2006.
>
> You're just a little late here Ed. This update has been available since
> September 2004. You may have triggered it by installing a vulnerable
> version of MSOffice.
> --
> Mike Maltby
> MS-MVP Windows
> mike.maltby@gmail.com
>
>
>


Top

Re: IE6 SP1 Security Update by Mike

Mike
Fri Oct 06 13:54:02 CDT 2006

You've probably recently one of the many applications that includes a
vulnerable version of gdiplus.dll or one of the other affected files. If
the user has no such product the update isn't usually offered which is
probably why you won't have seen it before.
--
Mike Maltby
mike.maltby@gmail.com


Ed Meza <tony24_nospam@peoplepc.com> wrote:

> I don't doubt that this update was available in September 2004 (I did
> not have a PC at that time). I have not installed any version of
> MSOffice. This morning I was prompted to install the automatic update
> by the operating system, thus the auto update in the installation
> history refects today's date: 10-06-2006.
> Thanks,

Top

Re: IE6 SP1 Security Update by Ed

Ed
Fri Oct 06 18:47:55 CDT 2006

Thanks for the info.
Ed
"Mike M" <No_Spam@Corned_Beef.Only> wrote in message
news:enlwniX6GHA.1012@TK2MSFTNGP05.phx.gbl...
> You've probably recently one of the many applications that includes a
> vulnerable version of gdiplus.dll or one of the other affected files. If
> the user has no such product the update isn't usually offered which is
> probably why you won't have seen it before.
> --
> Mike Maltby
> mike.maltby@gmail.com
>
>
> Ed Meza <tony24_nospam@peoplepc.com> wrote:
>
> > I don't doubt that this update was available in September 2004 (I did
> > not have a PC at that time). I have not installed any version of
> > MSOffice. This morning I was prompted to install the automatic update
> > by the operating system, thus the auto update in the installation
> > history refects today's date: 10-06-2006.
> > Thanks,
>


Top

Re: IE6 SP1 Security Update by Mart

Mart
Fri Oct 06 18:47:37 CDT 2006

Oddly enough Mike, my 'relatively' clean and fairly recent (26 Nov 2005)
installation of WinMe (definitely sans Office) fired this very same update,
two days ago on 05 Oct 2006 too, via the Auto-update option. The WU history
just shows it as "Automatic update"

And I haven't (as far as I am aware) installed anything new for several
months. The previous intermediate updates were the manual ones around 1st
July 2006. I thought I covered all the earlier WinMe updates when I
installed it back in November.

In fact, I was just pleased to see that auto-update was still actually
functioning despite the 'discontinuance of support' announcement.

Mart


"Mike M" <No_Spam@Corned_Beef.Only> wrote in message
news:enlwniX6GHA.1012@TK2MSFTNGP05.phx.gbl...
> You've probably recently one of the many applications that includes a
> vulnerable version of gdiplus.dll or one of the other affected files. If
> the user has no such product the update isn't usually offered which is
> probably why you won't have seen it before.
> --
> Mike Maltby
> mike.maltby@gmail.com
>
>
> Ed Meza <tony24_nospam@peoplepc.com> wrote:
>
>> I don't doubt that this update was available in September 2004 (I did
>> not have a PC at that time). I have not installed any version of
>> MSOffice. This morning I was prompted to install the automatic update
>> by the operating system, thus the auto update in the installation
>> history refects today's date: 10-06-2006.
>> Thanks,
>


Top

Re: IE6 SP1 Security Update by Mike

Mike
Sat Oct 07 03:01:38 CDT 2006

Interesting. I wonder then what triggered this update for both Ed and
yourself? I'd be tempted to say that MS had updated the detection
mechanism in some way (this has always been an unsatisfactory update) but
don't think that has been the case as the file dates appear the same as
they used to be. I say unsatisfactory as it doesn't replace all
vulnerable copies of gdiplus.dll but rather alerts the user that they need
to check. A useful tool, on any system, for this is gdiscan.exe. For
more details including a download link see http://isc.sans.org/gdiscan.php
--
Mike


Mart <mart(NoSpam)@nospam.nospam> wrote:

> Oddly enough Mike, my 'relatively' clean and fairly recent (26 Nov
> 2005) installation of WinMe (definitely sans Office) fired this very
> same update, two days ago on 05 Oct 2006 too, via the Auto-update
> option. The WU history just shows it as "Automatic update"
>
> And I haven't (as far as I am aware) installed anything new for
> several months. The previous intermediate updates were the manual
> ones around 1st July 2006. I thought I covered all the earlier WinMe
> updates when I installed it back in November.
>
> In fact, I was just pleased to see that auto-update was still actually
> functioning despite the 'discontinuance of support' announcement.

Top

Re: IE6 SP1 Security Update by Dan

Dan
Sat Oct 07 09:02:20 CDT 2006

Mike M wrote:
> Interesting. I wonder then what triggered this update for both Ed and
> yourself? I'd be tempted to say that MS had updated the detection
> mechanism in some way (this has always been an unsatisfactory update)
> but don't think that has been the case as the file dates appear the same
> as they used to be. I say unsatisfactory as it doesn't replace all
> vulnerable copies of gdiplus.dll but rather alerts the user that they
> need to check. A useful tool, on any system, for this is gdiscan.exe.
> For more details including a download link see
> http://isc.sans.org/gdiscan.php

You're post will be forwarded to Microsoft for comment and analysis.
Thank you!

--
Dan W.

Computer User
Top