Just wanted to say THANKS to everyone at CTH. A Presbyterian pastor taught me that one can never say thank you enough and that everyone needs to pass it on when you hear it. Over the past two weeks I have read so much great information (so many posts...so little time) and picked up considerable knowledge. THANK YOU ALL! - uncleable 
No Fix for Critical Windows 98, Me Flaw
Posted by: Tweaker
Date added: 14:20, 10th June 2006 GMT
Source: Beta News
Microsoft has encountered a critical vulnerability in Windows 98, 98 SE and Windows Me that it simply cannot fix, the company acknowledged Friday. The flaw affects Windows Explorer and after investigating the issue, Microsoft said it would need to reengineer a significant amount of the operating system.
Announced as part of April's security bulletins, a remote execution vulnerability exists in Windows Explorer because of the way that it handles COM objects. A malicious Web site could force a connection to a remote file server, which in turn causes Explorer to fail and potentially execute arbitrary code.
Microsoft says an attacker could take complete control of affected operating systems in this manner. Patches correcting the flaw were issued for Windows 2000, XP and Windows Server 2003, but the vulnerability remains unpatched on Windows 9x based systems.
The Redmond company says that because it would need to re-architecture Windows Explorer in those legacy systems to better match Windows 2000, a fix just isn't feasible. According to the updated bulletin, Microsoft could not ensure that applications written for Windows 9x would continue to operate as intended after the changes.
Moreover, Microsoft has little incentive to expend the resources necessary to patch the flaw. Support for Windows 98, 98 SE and Windows Me ends on July 11, which means no more security updates will be released and no technical or public support will be provided.
Microsoft will continue to offer Windows 98 and Me help topics through its Web site until at least July 11, 2007. However, without additional security updates, customers will be left unprotected from exploits taking advantage of the critical vulnerability, as well as any future problems.
Customers still running the older operating systems can take steps to protect themselves, Microsoft says. "We do strongly recommend that customers still using Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) protect those systems by placing them behind a perimeter firewall which filters traffic on TCP Port 139 which will block attacks attempting to exploit this vulnerability."
The company is also taking the opportunity to urge customers to upgrade their machines to a newer version of Windows, such as Windows XP Service Pack 2. Support for Service Pack 1 will cease on October 10, notes Christopher Budd from Microsoft's Security Response Center.
But with the critical vulnerability remaining unpatched, Microsoft could be leaving millions of computers at risk to attack.
Tools: Post a comment | Link to this news item | Send to a friend | Submit News
Error: You are not logged in.
In order to leave comments to news articles you must be a Cyber Tech Help Member.
Registration is completely free! 
Register to become a member
Along with access to leave comments to news articles you will be able to ask any computing questions you might have on the Cyber Tech Help Forums.
