Re: KB891781

From: Pat Walters [MSFT] (a-patwal_at_online.microsoft.com)
Date: 02/22/05 

Date: Tue, 22 Feb 2005 12:51:02 -0800

"Pedro",

Thank you for that excellent response to my inquiry. I have researched the
update a bit, and I do see the quandry. As it stands, if you let Terillian
WebPage overwrite the DHTMLED.OCX, you are defeating the point of the
security update, which is:

"A cross-domain vulnerability exists in the Microsoft Dynamic HTML (DHTML)
Editing Component ActiveX control that could allow information disclosure or
remote code execution on an affected system. An attacker could exploit the
vulnerability by constructing a malicious Web page that could potentially
allow remote code execution if a user visited that page. An attacker who
successfully exploited this vulnerability could take complete control of an
affected system."

The update for Windows 98 can be downloaded here:
1. Go here: http://v4.windowsupdate.microsoft.com/en/default.asp
2. On the left hand panel, click the "Windows Update Catalog"
3. Click the link: Find updates for Microsoft Windows operating systems
4. Choose "Windows 98 and Windows 98 Second Edition" with the pull-down menu
5. Click "Advanced Search Options"
6. Under "Update types," uncheck all but one entry: "Critical Updates and
Service Packs"
7. Under the "Contains these words," enter: 891781
8. Click the Search button
9. Click the "Critical Updates and Service Packs (1)" to open it and find
the update below.
10. Click the "Add" button then click the "Go to Download Basket" link.
11. Click the "Browse" button to pick the location on your hard drive, then
download.
12. Install it at your convenience.

However, with the security update installed, the question to really ask is:
"Does the Terillian Webpage actually depend on the security vulnerability
within the DHTMLED.OCX?" and if so, why? Can THEY not issue an update to
their software to avoid this problem? The fix needed to be there for
security reasons.

Sincerely,

Pat Walters [MSFT]

"Pedro" <Pedro@discussions.microsoft.com> wrote in message
news:11D43CA5-A8F7-40A8-BDBF-A10323BF19B0@microsoft.com...
> The failure was that Terillian WebPage reports at start up "no such
> interface" their solution as can be seen on their site is to uninstall the
> above security update.
>
> The security update installs a new version of DHTMLED.OCX (6.01.9231) and
> installing WebPage after doing the security update revertes this back to
> version 6.01.9102.
>
> I did not get a pop up asking about replacing files and I have not ever
seen
> this on Windows 89SE.
>
> It is true that everything seems to be working on my system but the
security
> update can not be working as I now have the old version of DHTMLED.OCX.
>
> I have discovered with no hint from Microsoft that I can uninstall this
> security update . The uninstall is under Add remove programmes and is
listed
> as Interner explorer Q891781 as internet explorer had not been mentioned
in
> the MS documents or how to uninstall or that it was called "Q....." I
missed
> it.
>
> Uninstalling then reinstalling KB891781 replaced DHTMLED.OCX with the safe
> new version and WebPage now no longer works and that is how I will leave
it
> until they come up with a proper fix.
>
> I have learnt that with Windows 98SE I will have to check my files with
> System file checker after every install by looking at version numbers AND
> that just because I have updated with all the critical updates does not
mean
> that they are all functional. I understand there is a security checker
from
> Microsoft that actually checks that updates are installed AND functional
for
> XP but not 98.
>
> "Pat Walters [MSFT]" wrote:
>
> > "Pedro",
> >
> > What is the failure? How do you know that uninstalling the WebPage
editor
> > and reinstalling it over the updated files has somehow clobbered the
> > security settings? Did you get a popup from Microsoft asking you if you
> > wanted to replace system files with unknown files? I apologize, but I
am
> > confused as to how you are stuck. It seems like everything is working
on
> > your system.
> >
> > Please let us know by replying back to this group, and thanks.
> >
> > Sincerely,
> >
> > Pat Walters [MSFT]
> > "Pedro" <Pedro@discussions.microsoft.com> wrote in message
> > news:75C6D80E-295E-4D9F-8769-0E3558F830C6@microsoft.com...
> > >I had the same failure but with WebPage using Windows 98SE I can not
find
> > >an
> > > option to uninstall KB891781. I made what I think is a mistake by
> > > uninstalling and reinstalling WebPage editor which fiexd the problem
but
> > > I
> > > think it has clobbered the Microsoft security updated files. Now
Windows
> > > update thinks I have updated so I can not update again. Help
> > >
> > > "Bob123" wrote:
> > >
> > >> 2/9/05 Windows Update KB891781 has caused the Trellian Web Editor
program
> > >> to
> > >> issue an error message "no such interface". Their present workaround
is
> > >> to
> > >> disable this MS critical security update which deals w/a DHTML Active
X
> > >> security issue.
> > >>
> > >> How can this issue be fixed besides uninstalling(and leaving
uninstalled)
> > >> the KB891781 security patch? Is there any timeframe on a fix of this
by
> > >> MS...or is this a vendor issue? Thanks
> > >> Bob123
> >
> >
> >