KB891711 Windows 98 Security Patch finally fixed!

30 replies to this topic

#1
Tihiy

Yes... That stupid bug that wasn't actually critical for 9x/ME is closed now. By me. Without lockups or anything like that.

It was already fixed in 98 Revolutions Pack, but I've separated the fix from it and am proud to release it here. Spread it worldwide.

Download
(do not link directly please!!!)

Gape: notice that it's the 98 user32.dll version 4.10.0.2231, hacked; its version is changed to 4.10.0.2232 to suppress errors after installation.
USER.EXE remains unchanged; it's included only for user32.dll compatibility.

If you include it in the Service Pack (hope so), note that Windows won't work properly without Ti891711.DLL.

Revolutions Pack users: you don't need that update.



#2
Acheron

Nice one. Gonna test it for use with Dutch SP :)
Say no to bloatware. Download Nero Lite!

#3
Tihiy

Silently updated it to add qfecheck entries for compatibility with original hotfix. :zzz:

#4
erpdude8

> Silently updated it to add qfecheck entries for compatibility with original hotfix. :zzz:

Too bad it's for W98SE only since you modified the user32.dll file to v4.10.2232.
I will use this ONLY under a Win98se system.

As for the W98fe and WME machines that I have, I'll just wait for revised KB891711 patches to be posted by Microsoft. The user32.dll file Tihiy modified is NOT compatible with Win98fe and WinME and can break those versions of Windows.

#5
Tihiy

> The user32.dll file Tihiy modified is NOT compatible with Win98fe and WinME and can break those versions of Windows.

Have you tested?

#6
jasinwa

> As for the W98fe and ...

Without risking sounding too dumb... :blushing: what is 98fe (hey, gotta learn somewhere)?

#7
Sonict

FE : First Edition

#8
Gape

    Author - Unofficial Win98 SE SP

Good job, Tihiy.

But I have a question. What about compatibility? If the user first installs SP 2.0 with your fix, and then Revolutions Pack, will everything be OK?

#9
Tihiy

> Good job, Tihiy.
>
> But I have a question. What about compatibility? If the user first installs SP 2.0 with your fix, and then Revolutions Pack, will everything be OK?

Of course. How can I not care about RP users?!
That version will simply have no effect if installed on Revolutions Pack.

#10
Gape

> Of course. How can I not care about RP users?!
> That version will simply have no effect if installed on Revolutions Pack.

:blushing: You're right.

#11
mr_bumbles

Hi Tihiy,
It looks like there is a fix from Windows Update for this. It came out today. I downloaded it a few minutes ago and rebooted. It looks like it is no longer running as a service. It still shows up in Add/Remove Programs, but not in the Task Manager as it did before.

bUMBLES

#12
Tihiy

Yeah, looks like they released a new version.
But it seems it's still present as a [hidden] task! (Maybe check msconfig?)

Has anybody tested it? [I'm still thinking my version is better]

#13
Acheron

Tihiy. How do you know your patch is working? Simply copy-pasting hex code will not do the trick, I guess :)

Did you test it?

BTW, if Microsoft's new patch solves the issue I'll stick with that one for Dutch SP.
Say no to bloatware. Download Nero Lite!

#14
Tihiy

Simple. I've just read the technical CAN bulletin mentioned in the article.

It says an integer overflow occurs in the LoadImage() function when the dwResSize value (4-bit) exceeds the maximal word (2-bit) value. If dwResSize is ~FFFFFFFF (-1), then malicious code can be executed.

So, the hacked version of user32.dll has a patched import table in which LoadImage() points to a loader written in "unused" space. It loads Ti......DLL and gives it control.

The check function in Ti......DLL opens the icon file and checks if dwResSize > maximal word value. If it is, the function fails (so the virus won't be executed). If it is not, it transfers control to the hardcoded pointer to User32.dll's original LoadImage().

[If I had the Windows sources, I believe it's just 1 line of code to add.
But, because the Win9x developer team is killed, ( :) ) stupid NT developers are trying to write a 16-bit memory hook which does the same, but:
- It will consume 16-bit handles, bad
- It won't protect the machine until loaded
- When unloaded, it will crash everything]

So... is ^^ that what you wanted :yes: ? As I said before, this update isn't critical.
AND MY UPDATE SHOULD BE TESTED WELL IF IT WILL BE INCLUDED SOMEWHERE.
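
[Added example, not part of the thread and not the code inside Ti891711.DLL: a sketch of the check-then-forward pattern post #14 describes, applied to an icon file held in memory. It assumes the post's "dwResSize" is the 4-byte size field (dwBytesInRes) of each .ico directory entry; `guarded_load`, `stub_loader` and the sample bytes are hypothetical, and the offset bounds check goes beyond what the post mentions.]

```c
#include <stdint.h>
#include <stddef.h>

#define MAX_WORD 0xFFFFu   /* "maximal word value" from the post */

/* Little-endian readers, so no struct packing is assumed. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Returns 1 if every directory entry passes the size checks, else 0. */
int icon_sizes_ok(const uint8_t *buf, size_t len)
{
    if (len < 6 || rd16(buf) != 0) return 0;      /* header: reserved = 0 */
    uint16_t type  = rd16(buf + 2);               /* 1 = icon, 2 = cursor */
    uint16_t count = rd16(buf + 4);
    if ((type != 1 && type != 2) || count == 0) return 0;
    if ((len - 6) / 16 < count) return 0;         /* all entries must fit */
    for (uint16_t i = 0; i < count; i++) {
        const uint8_t *e = buf + 6 + (size_t)i * 16;
        uint32_t size = rd32(e + 8);              /* dwBytesInRes  */
        uint32_t off  = rd32(e + 12);             /* dwImageOffset */
        if (size > MAX_WORD) return 0;            /* the check from the post */
        /* Added check: data must lie inside the file. Compared by
         * subtraction so the test itself cannot wrap around. */
        if (off > len || size > len - off) return 0;
    }
    return 1;
}

typedef int (*load_fn)(const uint8_t *, size_t);

/* Fail closed, otherwise hand over to the original loader. */
int guarded_load(load_fn original, const uint8_t *buf, size_t len)
{
    if (!icon_sizes_ok(buf, len)) return -1;
    return original(buf, len);
}

/* Constructed sample: one 1x1 32-bpp entry, 4 data bytes at offset 22. */
static const uint8_t GOOD_ICO[26] = {0,0,1,0,1,0, 1,1,0,0,1,0,32,0, 4,0,0,0, 22,0,0,0, 0,0,0,0};
/* Same file with the size field set to 0xFFFFFFFF. */
static const uint8_t BAD_ICO[26] = {0,0,1,0,1,0, 1,1,0,0,1,0,32,0, 255,255,255,255, 22,0,0,0, 0,0,0,0};
/* Hypothetical stand-in for the original loader: returns the length. */
static int stub_loader(const uint8_t *b, size_t n) { (void)b; return (int)n; }

int main(void)
{
    return !(guarded_load(stub_loader, GOOD_ICO, sizeof GOOD_ICO) == 26 &&
             guarded_load(stub_loader, BAD_ICO, sizeof BAD_ICO) == -1);
}
```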

#15
mr_bumbles

> Yeah, looks like they released a new version.
> But it seems it's still present as a [hidden] task! (Maybe check msconfig?)
>
> Has anybody tested it? [I'm still thinking my version is better]

It does show up in MSConfig as KB891711 in C:\windows\system\KB891711\KB891711.exe

It seems to be running fine on the 3 machines here at work that I updated a couple of hours ago. Although to be honest, we never really had problems with the original update.

Tihiy,
When I get home from work, I will post about my experience with your update.

BumBlEs

#16
erpdude8

I NOW recommend AGAINST using any unofficial patch like Tihiy's as MDGx recently gave me the links to download the newly revised KB891711 updates from Microsoft.

Link to get Windows 98 KB891711 Update V2:
http://download.wind...443b0208e0e.EXE

Link to get Windows ME KB891711 Update V2:
http://download.wind...9a9d05d2eed.EXE

Use these updates instead as the kb891711.exe and q891711.dll files are now version 4.10.2223 instead of 4.10.2222.

#17
Acheron

erpdude8, don't p*** off Tihiy. Let's see what his patch does, see what Microsoft's patch does and I will choose one or the other.
However Windows 98 isn't my daily base system so I'll have to test it yet.
Say no to bloatware. Download Nero Lite!

#18
erpdude8

The only problem I have with Tihiy's UNofficial 891711 patch is that it has user32.dll file version 4.10.2232. This is for Win98 SE ONLY. darn it! Using this one on Win98 FE is a BIG MISTAKE and can corrupt Win98 FE systems. Tihiy's patch should have TWO versions of user32.dll files. One specifically for Win98 FE [Gold] and one for Win98 SE. back to the drawing board!

HEY! The Q291362 patch for Win98 has TWO versions of user.exe & user32.dll files. Read MS support article 291362:
http://support.microsoft.com/kb/291362

Q291362 has v4.10.2001 of user.exe & user32.dll files for Win98 FE Gold and v4.10.2231 of user.exe & user32.dll files for Win98 SE. Tihiy should modify the Win98 FE version of user32.dll from Q291362 so that it'll be v4.10.2002 when implementing KB891711.

AVOID Tihiy's patch if using WinME [unless he can make a specific ME version]. The user.exe/user32.dll files in WinME are 4.90.300x.

#19
erpdude8

> erpdude8, don't p*** off Tihiy. Let's see what his patch does, see what Microsoft's patch does and I will choose one or the other.
> However Windows 98 isn't my daily base system so I'll have to test it yet.

UH, what was it you're trying to say to me??? you're pathetic, hp38guser!

...and Tihiy's 891711 patch is missing an uninstall feature while Microsoft has the uninstall feature of their KB891711 patches for W98/WME & they DO show up in the Add/Remove programs control panel app.

Don't give up Tihiy! Your 891711 patch needs improvement. It took Microsoft to get things right the second time around with KB891711 for W98/WME.

#20
cybpsych

> I NOW recommend AGAINST using any unofficial patch like Tihiy's as MDGx recently gave me the links to download the newly revised KB891711 updates from Microsoft.
>
> Link to get Windows 98 KB891711 Update V2:
> http://download.wind...443b0208e0e.EXE
>
> Link to get Windows ME KB891711 Update V2:
> http://download.wind...9a9d05d2eed.EXE
>
> Use these updates instead as the kb891711.exe and q891711.dll files are now version 4.10.2223 instead of 4.10.2222.

*EDITED* ok, found out the differences in version:

Old, V1 Update:

kb891711.exe - v4.10.2222
q891711.dll - v4.10.2222

New, V2 Update:

kb891711.exe - v4.10.2223
q891711.dll - v4.10.2222

:thumbup

#21
Acheron

Seems that Windows Update no longer looks at the KB891711 registry entries but for the existence of the KB891711.exe and Q891711.dll files inside the System\KB891711 directory.

BTW, patch seems to work fine here, even if you accidentally got the KB891711.exe patch installed. The patch is included in Dutch SP now :hello:
Say no to bloatware. Download Nero Lite!

#22
erpdude8

a newer but unofficial 891711 patch has been created by an anonymous user that is mentioned here:

http://www.msfn.org/...showtopic=58780

it's called U891711. If successful, U891711 can put Microsoft's KB891711 security update for Win98/ME AND Tihiy's TI891711 patch out to pasture.

author of U891711 says that TI891711 is "no real replacement since it offers only limited protection" and that 16-bit programs [like the ones from the Windows 3.x days] can "bypass TI891711.DLL completely." so this means that 16bit programs can circumvent the TI891711 fix. another black eye for TI891711.

Tihiy might want to visit the above site and test out the U891711 patch.

#23
erpdude8

> author of U891711 says that TI891711 is "no real replacement since it offers only limited protection" and that 16-bit programs [like the ones from the Windows 3.x days] can "bypass TI891711.DLL completely." so this means that 16bit programs can circumvent the TI891711 fix. another black eye for TI891711.

To be fair and not be all negative about Tihiy's TI891711 patch, it did work okay under win98se systems as I've tested it on one 98se machine. When I installed it under other Windows 9x platforms like 98fe and ME, I got different results. TI891711 was useless under winme and it gave a few BSODs under win98fe. TI891711 was meant for 98 SE only and wasn't flexible enough to work under other win9x systems. It offered protection against rogue 32-bit apps but not 16-bit apps.

#24
mamas6667

I've tried the official one old and new
Tihiy's TI891711
and now U891711
I'm sure U891711 is better than MSN's
But it still slows my system down (less responsive).
I think it is the fact that KB891711.exe is running as a service (always).

Tihiy's TI891711 doesn't run KB891711.exe upon bootup.

So I will continue to use Tihiy's TI891711; I'm a gamer and I need the resources.

PIII 450MHz 256MB
WIN 98SE, sesp21a-en.exe, 98SE2ME.EXE(ver 3.7), TI891711, 98KRNLUP.EXE

#25
erpdude8

U891711 is better than both MS's KB891711 and TI891711 fixes as U891711 has more thorough protection than the two patches.



