Microsoft releases VML fix for Windows 98

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Milkro$oft has made a fix available for the IE VML vulnerability.  Now
they won't come out and tell you this, but the new VGX.DLL file for
Win-2k works just file on Win-98.

Details:

Secunia is showing a variety of MS links depending on your OS:

http://secunia.com/advisories/21989 /

Naturally, there is no Win-98 link.

The Win-2k link takes you to here:

http://www.microsoft.com/downloads/details.aspx?familyid=EA7DE30F-D765-4E5B-BFD4-64F3FED578FF&displaylang=en

Where you can download this file:

IE6.0sp1-KB925486-Windows2000-x86-ENU.exe

The direct link for that file is:

http://download.microsoft.com/download/3/b/2/3b28cc6e-8217-464f-b888-f938f83a6837/IE6.0sp1-KB925486-Windows2000-x86-ENU.exe

After you download it, use winzip to unpack it.  The self-unpacking
archive will not execute on Win-98 systems.

When you unpack it, you will see a file called "vgx.dll" with a size
of 2,233 kb and a date of 9/18/06.  

Navigate to this directory:

C:\Program Files\Common Files\Microsoft Shared\VGX

and rename your existing vgx.dll.  Call it vgx.dl_ or vgx.bak.  If you
can't rename it, it's because it's currently in use, and you need to
close all IE windows and if that doesn't work, you need to re-start
your system and then try again.

Once you re-name your existing vgx.dll, copy the new vgx.dll into that
directory.

You will not have to restart your computer.  Your Win-98 system is now
patched against the VML problem.

To verify this, open the following page:

http://www.isotf.org/zert/testvml.htm

Re: Microsoft releases VML fix for Windows 98

98 Guy wrote:
Quoted text here. Click to load it
http://www.microsoft.com/downloads/details.aspx?familyid=EA7DE30F-D765-4E5B-BFD4-64F3FED578FF&displaylang=en
Quoted text here. Click to load it
http://download.microsoft.com/download/3/b/2/3b28cc6e-8217-464f-b888-f938f83a6837/IE6.0sp1-KB925486-Windows2000-x86-ENU.exe
Quoted text here. Click to load it

Thanks for letting us know, 98 Guy.  I am tempted to wait for a bit and
see how it does on your 98(SE) before trying it on my 98SE system.

Re: Microsoft releases VML fix for Windows 98

Dan wrote:
 
Quoted text here. Click to load it

http://download.microsoft.com/download/3/b/2/3b28cc6e-8217-464f-b888-f938f83a6837/IE6.0sp1-KB925486-Windows2000-x86-ENU.exe

Quoted text here. Click to load it

You're not likely to get future status reports about this from me.

The VGX.DLL file is normally not loaded by IE or Outlook/OE when they
start.  VGX.DLL is only loaded or called when IE or Outlook encounters
VML code.  Normally when surfing the net, you won't know if the page
you're looking at contains VML code.  The fact is the Win-2K version
of VGX.DLL seems to work seemlessly with Win-98 - I can for example
load and view the above-mentioned test web page after replacing my
existing VGX.DLL with the Win-2K version.

As far as I can tell, there's no harm in just locating your existing
VGX.DLL and renaming it so that Windows/IE/Outlook/OE can't find it
when they encounter VML code.  If you do, then you will find a blank
object or place-holder on any page that contains VML code.

VML seems similar to DCOM in that it's another piece of technology
that Macro$haft thought was a good idea but was just more crap that
didn't catch on and that they didn't code properly from a security
standpoint.

Re: Microsoft releases VML fix for Windows 98



Okay, I'm going to take the plunge and post a link to an unofficial VML
exploit patch for IE6SP1 under Windows 98/Me. Microsoft can delete this post
or complain to rapidshare if they don't want us to have it, but I am hoping
they will just be happy for us poor abandoned 98/Me users:

http://rapidshare.de/files/34643189/patch.zip.html

This patch has been tested on my Me machine and against a test page designed
to crash the browser. Worked perfectly.


darkrats





Quoted text here. Click to load it
http://download.microsoft.com/download/3/b/2/3b28cc6e-8217-464f-b888-f938f83a6837/IE6.0sp1-KB925486-Windows2000-x86-ENU.exe
Quoted text here. Click to load it



Re: Microsoft releases VML fix for Windows 98

darkrats wrote:
 
Quoted text here. Click to load it

How do you know that patch is for 98/ME ???  

Where is that stated?

Quoted text here. Click to load it

The archive mentioned above contains an INF file as well as a couple
of other programs that seem designed to turn off some file protection
processes to perform a file substitution (ie replace the old VGX.DLL
with a new one).

The new one has the exact same file length as the last version that I
have for Win 98:

Last known good version for Win-98:

  VGX.DLL  March 10, 2004  Version 6.00.2800.1411 2,283,008 bytes

Version included with the above patch.zip archive:

  VGX.DLL  Sept 23, 2006   Version 6.0.2800.1489 2,283,008 bytes

The new Windows 2000 version of VGX.DLL released by MS:

  VGX.DLL  Sept 18, 2006   Version 6.00.2800.1580  2,286,080 bytes


I'm not going to try this Sept 23 version of VGX.DLL since I don't
really know it's source.  I suspect that it is the result of a ZERT
patch (http://www.isotf.org/zert /) which at this time seems to have
been withdrawn given that MS has released the official patch.

Re: Microsoft releases VML fix for Windows 98

98 Guy wrote:
Quoted text here. Click to load it
http://download.microsoft.com/download/3/b/2/3b28cc6e-8217-464f-b888-f938f83a6837/IE6.0sp1-KB925486-Windows2000-x86-ENU.exe
Quoted text here. Click to load it

Fantastic, I followed your instructions and saw the two colored boxes
with Internet Explorer and it works fine.  Good point about making the
original vgx.dll to a vgx.bak file just in case it is needed in the
future for some reason which I highly doubt.  Thanks so much for going
to the trouble of keeping 98SE machines secure.  I now have a bunch of
work in patching all the 98SE machines at school.  <grin>  <P.S. I
wonder when 2000 goes into unsupported mode as well if the XP and then
Vista patches will be able to be deconstructed and broken down into
pieces and used like this patch has been by us.

Re: Microsoft releases VML fix for Windows 98



| Fantastic, I followed your instructions and saw the two colored boxes
| with Internet Explorer and it works fine.  Good point about making the
| original vgx.dll to a vgx.bak file just in case it is needed in the
| future for some reason which I highly doubt.  Thanks so much for going
| to the trouble of keeping 98SE machines secure.  I now have a bunch of
| work in patching all the 98SE machines at school.  <grin>  <P.S. I
| wonder when 2000 goes into unsupported mode as well if the XP and then
| Vista patches will be able to be deconstructed and broken down into
| pieces and used like this patch has been by us.

Sorry Dan but if you are STILL using Win98 in a school environment by the time
Vista comes
out then the school is a fool !

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Microsoft releases VML fix for Windows 98

"David H. Lipman" wrote:

Quoted text here. Click to load it

No, the school is not a fool.  

If the school did move to Vista, then the taxpayers would be fools.

Does electronic page-turning really need Vista?  Or XP?

Do you really want to see school boards throwing out perfectly good
PC's and replace them with the Cray's that they'll need to run Vista?

Re: Microsoft releases VML fix for Windows 98


| "David H. Lipman" wrote:

Quoted text here. Click to load it

| No, the school is not a fool.

| If the school did move to Vista, then the taxpayers would be fools.

| Does electronic page-turning really need Vista?  Or XP?

| Do you really want to see school boards throwing out perfectly good
| PC's and replace them with the Cray's that they'll need to run Vista?

You can defend this POV all you want but, Win98 is a DEAD OS and as time goes
on, it will
be left behind, more and more.
Sorry, but you will have to face that fact.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Microsoft releases VML fix for Windows 98

David H. Lipman wrote:
Quoted text here. Click to load it

Not if I can help it, David.  I will be a mover and shaker and if my
work cannot succeed with Microsoft then I will move my 9x coding to an
open source company that is interested.

Re: Microsoft releases VML fix for Windows 98


Quoted text here. Click to load it

Since MS will not release updates for new vulnerabilities in Windows
98 and ME I think that this is reason enough to move.

--
Regards, Ian Kenefick
http://www.ik-cs.com

Re: Microsoft releases VML fix for Windows 98

Ian Kenefick wrote:
Quoted text here. Click to load it

Well, maybe you do, but quite a few (fortunately) apparently still do not.
And for good reason - they don't need it.

But then again, many of these are not the "blindly follow the rest of the
crowd" types, either!



Re: Microsoft releases VML fix for Windows 98

Ian Kenefick wrote:

Quoted text here. Click to load it

Do public school classroom computers really need internet connections?

And even if they become infected - what's the harm or dammage?

Once a year just reform them and restore from an image.

Re: Microsoft releases VML fix for Windows 98

98 Guy wrote:
Quoted text here. Click to load it

It would be nice if public schools had a new operating system such as a
Windows Classic series to choose from since XP Professional and Vista
will not meet their needs in terms of backwards compatibility.

Re: Microsoft releases VML fix for Windows 98

Ian Kenefick wrote:
Quoted text here. Click to load it

If that ends up being a big enough problem then the 9x computers could
remain just not connected to the Internet.  As it is, the XP
Professional computers that are much newer than the 98SE computers
already have MAJOR Issues.

Re: Microsoft releases VML fix for Windows 98

Wanna bet that the MAJOR issues with the XP machines are due to person(s)
managing them (and/or the network as a whole) improperly?

--

Gary S. Terhune
MS-MVP Shell/User

Quoted text here. Click to load it



Re: Microsoft releases VML fix for Windows 98

That's my point on ANY operating system.
The operating system isn't really what needs to be patched - it's the people
that need to be "patched".

Gary S. Terhune wrote:
Quoted text here. Click to load it



Re: Microsoft releases VML fix for Windows 98

Two different topics entirely. AFAIC, the OS needs to be as patched as
possible in any case.

--

Gary S. Terhune
MS-MVP Shell/User

Quoted text here. Click to load it



Re: Microsoft releases VML fix for Windows 98

Not in "ANY" case.   (Mostly NOT in my case!   Thanks, but no thanks).

Gary S. Terhune wrote:
Quoted text here. Click to load it
person(s)
Quoted text here. Click to load it
MAJOR



Re: Microsoft releases VML fix for Windows 98

I *said*, "AFAIC". We all know about your own proclivities. And even in the
apparently infamous case that caused you to swear off Updates, I'd prefer
some other workaround/fix than simply foregoing the Update.

On the other hand, I'm not one of those hand-wringers that screams for an
immediate new Update that addresses some vulnerability that it takes a fool
to encounter in the first place, either. Moderation in all things, I say.

--

Gary S. Terhune
MS-MVP Shell/User

Quoted text here. Click to load it



Site Timeline