Welcome to MSFN

Register now to gain access to all of our features. Once registered and logged in, you will be able to contribute to this site by submitting your own content or replying to existing content. You'll be able to customize your profile, receive reputation points as a reward for submitting content, while also communicating with other members via your own private inbox, plus much more! This message will be removed once you have signed in.


MDGx

Q891711 + U891711 = Unofficial MS07-017 + MS05-002 .ANI fix

129 posts in this topic

UPDATED · 4-28-2007

* Unofficial Windows 98 SE Animated Cursor (.ANI) + Icon Handling USER32.DLL + USER.EXE 4.10.2233 Security Vulnerability Fix:

http://www.mdgx.com/files/Q891711.TXT

Direct download [375 KB, English]:

http://www.mdgx.com/files/Q891711.EXE

This Fix replaces ALL PREVIOUS Microsoft MS07-017 (Q925902):

http://www.microsoft.com/technet/security/...n/ms07-017.mspx

MS05-002 (Q891711):

http://www.microsoft.com/technet/security/...n/ms05-002.mspx

+ unofficial (U891711) Animated Cursor (.ANI) + Icon Handling Security Vulnerabilities Fixes, which are now OBSOLETE!

How to uninstall Q891711:

Control Panel -> Add/Remove Programs -> "Remove Unofficial USER32.DLL + USER.EXE Fix" -> click the

"Add/Remove" button -> reboot.

* U891711 [Q891711.DLL 4.10.2223 + KB891711.EXE 4.10.2227] fixes Windows 95/OSR1/OSR2/98/98 SP1/ME Animated Cursor (.ANI) + Icon Handling Security Vulnerabilities:

- MS07-017 (Q925902):

http://www.microsoft.com/technet/security/...n/ms07-017.mspx

- MS05-002 (Q891711):

http://www.microsoft.com/technet/security/...n/ms05-002.mspx

and replaces ALL OTHER similar fixes:

- Both Microsoft fixes listed above.

- Unofficial TI891711 Fix:

http://www.msfn.org/board/?showtopic=43566

Direct download [120 KB]:

http://www.mdgx.com/files/U891711.EXE

Read U891711.TXT FIRST (this file):

http://www.mdgx.com/files/U891711.TXT

Everything here applies only to English editions.

How to uninstall U891711:

Control Panel -> Add/Remove Programs -> "Uninstall Unofficial Windows 95/98/ME U891711 Fix" -> click the "Add/Remove" button -> reboot.

Both Q891711 + U891711 created by anonymous author.

Both these fixes have been tested and works up to specs, unless some1 discovers a new bug, which should be posted in this forum. ;)

Please do not create other forum topics for any Q891711 / U891711 related issues.

NOTE:

No warranties, expressed or implied. Use these files at your own risk!

4-28-2007 UPDATE:

* Win98 SE only = Old U891711 [temporary fix] has been replaced by new Q891711 [permanent fix].

0

Share this post


Link to post
Share on other sites

I just rebooted from the installation of your patch and so far everything seems to be alright. CPU usage slightly up afew moments, but I don't know if it's related.

Do you recommand to install the 98KRNLUP.EXE after this patch too?

0

Share this post


Link to post
Share on other sites

I would like to help testing, however I need something to test. Have you a link to a "malformed" image or so that should be blocked by this new patch?

0

Share this post


Link to post
Share on other sites
I just rebooted from the installation of your patch and so far everything seems to be alright. CPU usage slightly up afew moments, but I don't know if it's related.

Do you recommand to install the 98KRNLUP.EXE after this patch too?

Yes, the 98(FE)/98SE Kernel patch is also recommended to install after this beta patch, and after all other related patches [MS official + Tihiy unofficial described in U891711.TXT].
I would like to help testing, however I need something to test. Have you a link to a "malformed" image or so that should be blocked by this new patch?
Unfortunately I don't.

I'll post the link here if I find one.

CORRECTION:

The two MS IE 6.0 SP1 windows lockup BUG is NOT related to this patch, and I have subsequently removed it from U891711.TXT.

Edited by MDGx
0

Share this post


Link to post
Share on other sites

Hi MDGX,

I'm currently reinstalling my OS from scratch, and I want to try out U891711. I will install 98SE2ME, with the ME options (hooray!). Just a question about the recommended installation order: would the following order be more or less ok?:

- all Win 98SE updates

- SE SP2.02

- U891711

- 98SE2ME

- RPLite3 (perhaps)

- 98KRNLUP

- 98UPDSYS (for Intel CPU)

Hope this is fairly straightforward.

Thanks for any suggestions.

0

Share this post


Link to post
Share on other sites

MGDx,

I have tried without the kernel patch during two days, and it worked fine. Now I did the patch and it's still fine. ;)

0

Share this post


Link to post
Share on other sites
Hi MDGX,

I'm currently reinstalling my OS from scratch, and I want to try out U891711. I will install 98SE2ME, with the ME options (hooray!). Just a question about the recommended installation order: would the following order be more or less ok?:

- all Win 98SE updates

- SE SP2.02

- U891711

- 98SE2ME

- RPLite3 (perhaps)

- 98KRNLUP

- 98UPDSYS (for Intel CPU)

Hope this is fairly straightforward.

Thanks for any suggestions.

The order you have chosen is ok.

If you want more details, please see 98SE2ME READ1ST.TXT [the FAQ section]:

http://www.mdgx.com/9s2m/READ1ST.TXT

Please note that if you install MS official Q891711 patch after U891711, it will not install, because will not overwrite the newer file version builds installed by U891711.

98KRNLUP = can be installed at any time. May fix Kernel issues related (or not) to MS Q891711, U891711 + Tihiy KB891711 fix.

98UPDSYS = the WinME edition of this patch [ http://www.mdgx.com/web.htm#MEU ] installs as part of 98SE2ME options 1 and 2. No need to install the Win98 SE edition if you plan to install 98SE2ME and/or Maximus-Decim Native USB Drivers:

http://www.msfn.org/board/?showtopic=43605

which should be included in your updates listed above.

Hope this helps.

MGDx,

I have tried without the kernel patch during two days, and it worked fine. Now I did the patch and it's still fine. ;)

Many thanks for your feedback.

Sounds good. ;)

0

Share this post


Link to post
Share on other sites

MGDx,

I have something to say:

A few times already, I noticed abnormal datas transfert (on a 56k modem I see that easily), I mean data being sent or received while I'm not dowloading anything.

If at this time I shut down the connection (which I always do in this case), I get the internet connection dialog looping again and again until I reconnect.

I checked my my processes and noticed that KB891711.exe was running. Killing this task BSOD'ed my PC.

Now I disabled KB891711.exe from the start-up.

What do you think?

0

Share this post


Link to post
Share on other sites
MGDx,

I have something to say:

A few times already, I noticed abnormal datas transfert (on a 56k modem I see that easily), I mean data being sent or received while I'm not dowloading anything.

If at this time I shut down the connection (which I always do in this case), I get the internet connection dialog looping again and again until I reconnect.

I checked my my processes and noticed that KB891711.exe was running. Killing this task BSOD'ed my PC.

Now I disabled KB891711.exe from the start-up.

What do you think?

Thanks for your time.

I'll tell the patch author about your bug report, and then I'll post here any comments/solutions.

0

Share this post


Link to post
Share on other sites

Fredledingue:

Here is the author's reply:

The BSOD also happens with the original security update (v2) from Microsoft (4.10.2223). It is the result of KB891711.EXE running as a service process. One should not kill service processes. It can cause system instability.

Neither the original security update nor the patch (4.10.2224) try to connect to the internet. The only instance where one might see activity if LOADIMAGE loads a file from a network share and that share is accessed through a dial-up connection, but that network activity would occur even w/o the patch.

It is possible that unexpected network activity comes from one other computer scanning IP adresses and ports.

The proof-of-concept .ANI file is at

http://www.xfocus.net/flashsky/icoExp/

Hope this helps.

0

Share this post


Link to post
Share on other sites

Thanks MGDx.

I hope eveything's all right then. I will re-intialize the "service" executable.

BTW are you also testing this patch? :blushing:

0

Share this post


Link to post
Share on other sites
BTW are you also testing this patch?
I still am. ;)

New addtition to the text file U891711.TXT:

http://www.mdgx.com/files/U891711.TXT

NOTE #4

KB891711.EXE can be stopped *safely* using the Close option (but *not* the

Kill option) of programs like EndItAll or similar:

http://www.mdgx.com/speed.htm#TSK

CoolKill and Process Explorer do not have a Close option.

Killing (an application) happens w/o a warning to the application, and that

can be disastrous, as is the case with all versions of KB891711.EXE (official

and unofficial), which modify USER.EXE "on the fly" (DrWatson shows that).

0

Share this post


Link to post
Share on other sites

MGDx, I'v got a new BSOD!

And it's such an incredible event on w98se-uSP2.02 that each instance of it is worth being mentioned here.

It happened only once, while surfing the web, suddenly poof! And it happened I think, when the connection was shut-off momentarily. But I didn't kill the process this time.

I don't know if it's related because I installed a new adsl modem since.

But this patch seems to be the only thing that is capable of doing a BSOD on my computer. Maybe nothing serious. I will see if it happends again.

Edited by Fredledingue
0

Share this post


Link to post
Share on other sites

Hi - Just to report that (with Gape's 2.0.2 SP and MDGx's 98SE-MP10) I found missing button images for Media Player, as per the attached. Restarting the app resolved the problem

post-12938-1130702279_thumb.png

0

Share this post


Link to post
Share on other sites

MDGx,

I am pleased to report that this update also works on Windows ME. You also apply it like a normal update, you don't need to kill stmgr using coolkill. Just installed it on a virtual pc and it works. Maybe you could pass that on to the author and modify the installer so it installs on ME.

the_guy

0

Share this post


Link to post
Share on other sites
MDGx,

I am pleased to report that this update also works on Windows ME. You also apply it like a normal update, you don't need to kill stmgr using coolkill. Just installed it on a virtual pc and it works. Maybe you could pass that on to the author and modify the installer so it installs on ME.

the_guy

Thanks for your feedback.

I will relate this to the author.

0

Share this post


Link to post
Share on other sites
Hi - Just to report that (with Gape's 2.0.2 SP and MDGx's 98SE-MP10) I found missing button images for Media Player, as per the attached. Restarting the app resolved the problem
Did you notice this when trying to play online or offline?

If this happened while online [over the internet], it might have been because a particular server was either lagging, timed out or had maintenance/repair/backup issues [?], because some of the graphics/icons you see in the WMP window [while online] are located on remote [internet based] servers.

And because the problem was fixed after restarting the app, that is one more reason to believe a remote server was the cause.

PS:

I assumed this was related to installing 98SEMP10 [WMP10 files from WinXP].

Hope this helps.

Edited by MDGx
0

Share this post


Link to post
Share on other sites

I'd have to agree with that being due to a slower server response. If you look closer... the button placeholder images are the typical red 'x' like that from IE. *Smells IE in WMP*

Edited by Chozo4
0

Share this post


Link to post
Share on other sites

Hi MDGX,

After installing U891711 with 98KRNLUP a week ago on a very old Intel CPU and board (as part of a fresh install that included the installation of the ME options in 98SE2ME - wow, thanks!), I can now report an issue which may or may not be related (people more qualified to make the judgement no doubt will :) ).

I've experienced quite frequent BSODs while using Winamp v.2.81 Lite (with the Ampesizer skin found here at Radified and the MAD MP3 decoder plugin). They usually occur when clicking Winamp's OPEN icon that opens the file-browsing window. The BSODs have reported OEs at 0028:C16AE309 in VXD ctpci9x(01) + 00055D9 called from 0028:C16B11FC in VXD ctpci9X(01) + 000583CC, and have reported fatal ODs at 0028C0003ABD in VXD VMM(01) + 00002ABD.

Again, I have no idea if this relates specifically to the U891711 patch, and so really no idea if this is helpful or not. But there you go. :)

0

Share this post


Link to post
Share on other sites
I'd have to agree with that being due to a slower server response. If you look closer... the button placeholder images are the typical red 'x' like that from IE. *Smells IE in WMP*
You're right, WMP is very tightly linked to IE, after all, WMP streaming is done thru IE's engine. :(
Hi MDGX,

After installing U891711 with 98KRNLUP a week ago on a very old Intel CPU and board (as part of a fresh install that included the installation of the ME options in 98SE2ME - wow, thanks!), I can now report an issue which may or may not be related (people more qualified to make the judgement no doubt will :) ).

I've experienced quite frequent BSODs while using Winamp v.2.81 Lite (with the Ampesizer skin found here at Radified and the MAD MP3 decoder plugin). They usually occur when clicking Winamp's OPEN icon that opens the file-browsing window. The BSODs have reported OEs at 0028:C16AE309 in VXD ctpci9x(01) + 00055D9 called from 0028:C16B11FC in VXD ctpci9X(01) + 000583CC, and have reported fatal ODs at 0028C0003ABD in VXD VMM(01) + 00002ABD.

Again, I have no idea if this relates specifically to the U891711 patch, and so really no idea if this is helpful or not. But there you go.

I have sent your bug report to the patch author.

I'll post the answer here.

Thanks for your time and concern.

0

Share this post


Link to post
Share on other sites
I've experienced quite frequent BSODs while using Winamp v.2.81 Lite (with the Ampesizer skin found here at Radified and the MAD MP3 decoder plugin). They usually occur when clicking Winamp's OPEN icon that opens the file-browsing window. The BSODs have reported OEs at 0028:C16AE309 in VXD ctpci9x(01) + 00055D9 called from 0028:C16B11FC in VXD ctpci9X(01) + 000583CC, and have reported fatal ODs at 0028C0003ABD in VXD VMM(01) + 00002ABD.

Again, I have no idea if this relates specifically to the U891711 patch, and so really no idea if this is helpful or not. But there you go. :)

Get rid of Winamp 2.81 lite, bristols. it's too old. upgrade to the latest version of Winamp lite which is v5.11. Winamp Lite 5.11 fixes a ton of bugs, including security problems found in previous versions of Winamp. I have Winamp v5.11 lite on my 98se & ME machines.

I might give the unofficial 891711 win98/me fix a try. do I have to remove microsoft's 891711 patch first before installing the unofficial one, MDGx?

0

Share this post


Link to post
Share on other sites

As the original Microsoft KB891711 v2 is exactly the same for 98SE and ME, I am trying U891711 on Windows ME.

So far I have noticed no problems. The only "problem" there is, is the same as with the original one. There is one more executable and one more dll running in the system and it cannot be closed (with a task manager) without soon terminally crashing the entire OS.

I have also downloaded Winamp lite 2.81, the ampesizer skin and the mad plugin. I have no errors when clicking on the open file button while U891711 is running.

However, I have also the same question as hp38guser :

Have you a link to a "malformed" image or so that should be blocked by this new patch?
0

Share this post


Link to post
Share on other sites
As the original Microsoft KB891711 v2 is exactly the same for 98SE and ME, I am trying U891711 on Windows ME.

So far I have noticed no problems. The only "problem" there is, is the same as with the original one. There is one more executable and one more dll running in the system and it cannot be closed (with a task manager) without soon terminally crashing the entire OS.

I have also downloaded Winamp lite 2.81, the ampesizer skin and the mad plugin. I have no errors when clicking on the open file button while U891711 is running.

However, I have also the same question as hp38guser :

Have you a link to a "malformed" image or so that should be blocked by this new patch?

Winamp lite 2.81 is NOT available anymore at the Winamp.com site, eidenk. GET WINAMP LITE 5.11, NOT WINAMP 2.81!!!! Come on, dude! Winamp 2.81 is so old that it is prone to new security threats and v5.11 fixes these new security holes in Winamp.

I dont understand why bristols and eidenk want to use a very outdated release of Winamp as I, on the other hand, have no problems with the latest release of Winamp [5.11], with U891711 installed.

note to MDGx, you havent mentioned the U891711 patch on your software essentials page, yet as I have checked this noon time. will you list it there? also can you remove Tihiy's TI891711 fix off your page. as the author of the U891711 patch said, TI891711 offers "limited protection" and it is very weak and incompatible with 98fe & ME.

-erpdude8

Edited by erpdude8
0

Share this post


Link to post
Share on other sites
Hi everyone,

Somebody [the author prefers to remain anonymous] released a new unofficial patch for Windows 98 + 98 SE described here [MS05-002]:

http://www.microsoft.com/technet/security/...n/ms05-002.mspx

Unofficial patch download [109 KB, English]:

http://www.mdgx.com/files/U891711.EXE

First, please make sure to read the text file [English]:

http://www.mdgx.com/files/U891711.TXT

To install this unofficial patch on Windows 98/98 SE, just run U891711.EXE and then reboot.

This is a beta release, which means needs testing on as many computers as possible.

Please run this patch on your Windows 98 or 98 SE computer(s), and then post your comments/bugs/tips/suggestions/etc in this MSFN forum, or you can send me feedback: the blue E-mail link.

This patch can be uninstalled from Control Panel -> Add/Remove Programs -> "Unofficial Q891711 Patch (remove only)" -> click the "Add/Remove" button.

I will post this patch as permanent replacement for the official MS patch [see http://www.mdgx.com/files/U891711.TXT for details] if this unofficial patch proves to fix the MS05-002 security vulnerability better than the official MS patch.

Many thanks in advance for your time and concern.

This U891711 patch needs to be revised, MDGx. It will NOT install under WinME (a black eye for ME users). :no: The U891711.TXT file says "Unofficial Windows 98 (FE)/98 SE/ME Q891711 Patch" at the top of the text file but the EXE patch says "Unofficial Windows 98/98 SE Q891711 Patch". Make it install under Win98 FE, SE AND WinME! And edit the title of the U891711.EXE patch to correctly say "Unofficial Windows 98 (FE)/98 SE/ME Q891711 Patch".

Edited by erpdude8
0

Share this post


Link to post
Share on other sites

I too found that out, erpdude.

What you need to do is extract the files and install the update using the install command after right-clicking the .inf file.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.