On TechRepublic: 5 best features in Google Chrome
BNET Business Network:
BNET
TechRepublic
ZDNet
219 TalkBacks

By Joris Evers, News.com
Posted on ZDNet News: Jun 9, 2006 8:03:00 PM

Microsoft will not fix a serious flaw in Windows 98 and Windows Millennium Edition because a patch could break other applications.

The security bug relates to Windows Explorer and could let an intruder commandeer a vulnerable PC, Microsoft warned in April. The software maker has made fixes available for Windows Server 2003, Windows XP and Windows 2000, but it has found that eliminating the vulnerability in Windows 98 and ME is "not feasible," it said.

"To do so would require re-engineering a significant amount of a critical core component of the operating system," Microsoft said in a Thursday update to its MS06-015 security bulletin. "After such a re-engineering effort, there would be no assurance that applications designed to run on these platforms would continue to operate."

Instead, Microsoft recommends that people who still use the older operating systems protect their PCs by using a network firewall that filters traffic on TCP Port 139. "Such a firewall will block attacks attempting to exploit this vulnerability from outside of the firewall," it said.

The software maker even had trouble with its fix for Windows XP. It had to revise the update and release it a second time because the patch caused problems for people who used Hewlett-Packard Share-to-Web software or older Nvidia graphics drivers.

Microsoft is phasing out support for the older operating systems. Windows 98 was released in June 1998, Second Edition followed a year later, and Millennium Edition came out in 2000. Microsoft has been providing fixes for only "critical" flaws the past couple of years and is ending support altogether next month, after its planned July 11 patch release. Windows XP with Service Pack 1 reaches its end of support on Oct. 10, 2006.

Not providing fixes leaves users vulnerable, but software can't be supported forever, said Michael Sutton, a director at security intelligence company iDefense, a part of VeriSign. "At some point, any vendor has to make a business decision to cease product support, and these products are now 7 to 8 years old," he said.

The older Windows versions have never been secure, said Russ Cooper, a senior scientist at Cybertrust, a security vendor in Herndon, Va. "The lack of a 'critical' patch does not weaken these OSes. Instead, it should merely put an end to their perception that they were secure before this fault came to light," he said.

And as far as blocking traffic on port 139 goes, it is a network port that has been abused in the past for attacks, said Don Leatham, director of solutions and strategy at PatchLink. "Most organizations will already have port 139 blocked," he said. "Although it is good that Microsoft is reiterating this, I don't see it being a huge impact."

The best way to secure PCs that run older versions of Windows is upgrading the operating system, Microsoft suggested.

"With the upcoming end (of) support for these products, we strongly recommend that those of you who are still running these older versions of Windows upgrade to a newer, more secure version, such as Windows XP SP2, as soon as possible," Christopher Budd, a staffer in Microsoft's' security response center, wrote on the team's blog.

  • Talkback
  • Most Recent of 219 Talkback(s)
Message has been deleted.
(Read the rest)
Posted by: myfevertoy Posted on: 10/22/06  (Edited: 10/26/2006 @ 07:22) You are currently: Logged In | Log out
Win 98/Win ME Defect Techscan   | 06/09/06
there is free version of vista defconvegas   | 06/09/06
Nothing from Microsoft is free... Linux Advocate   | 06/09/06
time limit Scott W   | 06/11/06
Yup.. Wolfie2K3   | 06/12/06
how odd.... it's usually Castanet   | 06/12/06
Um.. Get real.. Wolfie2K3   | 06/12/06
XP SP2 IS a free upgrade. mustangj36@...   | 06/12/06
OH - it's an upgrade pkrdk   | 06/12/06
WIN 98/WIN ME DEFECT KECKBIGPAPA@...   | 06/12/06
Upgrade Hardware mighetto   | 06/09/06
It's a ploy to force us into Vista. Mr. Roboto   | 06/09/06
Vista Doink   | 06/09/06
No! It simply is michael_t   | 06/09/06
Not possible jheine   | 06/09/06
While you are correct about control systems voska   | 06/09/06
Ensoniq Yagotta B. Kidding   | 06/09/06
ICS on Win9x??? John E Wahd   | 06/09/06
Take one of your old PCs and put m0n0wall on it. osreinstall   | 06/09/06
Linux/ALSA kind-of supports the Ensoniq Soundscape PNP card Zogg   | 06/09/06
According to Linux.com Sabz5150   | 06/09/06
It's up to hardware vendors to write drivers. mustangj36@...   | 06/12/06
LOL voska   | 06/09/06
Old stuff is still good Bill4   | 06/09/06
I still have my 486 and P3-500 voska   | 06/09/06
Atta Boy Dumber_z   | 06/13/06
Keep in mind.... rock06r   | 06/10/06
What a load of hooey... Wolfie2K3   | 06/12/06
Stressed out Wolfie Dumber_z   | 06/13/06
Computers aren't TV's BrewMan01   | 06/12/06
Full of Bologna Cayble   | 06/12/06
Some mistakes last forever... michael_t   | 06/09/06
We can make even win98 work mighetto   | 06/09/06
Not on older cars voska   | 06/09/06
Recall? Dumber_z   | 06/13/06
The problem is NOT to eternally keep repairing old michael_t   | 06/09/06
I'd say it's the nature of young products voska   | 06/09/06
If you want to be serious michael_t   | 06/09/06
How long is your toaster considered young?? mdsmedia   | 06/10/06
My toaster is the same as it was 30+ years ago voska   | 06/12/06
Not to pick nits... But... Wolfie2K3   | 06/12/06
I will tell you how long Dumber_z   | 06/13/06
Wrong pkrdk   | 06/12/06
I'm laughing at you right now!! NonZealot   | 06/09/06
Win98 still has many valid uses... msolgeek   | 06/12/06
even *nix dont fix older versions defconvegas   | 06/09/06
With Unix, you can typically upgrade with no compatibility problems to a DonnieBoy   | 06/09/06
Go to developing countries, Win 95/98/ME are stil in wide use. DonnieBoy   | 06/09/06
Not even close bitfuzzy   | 06/12/06
So, we paid BILLIONS for an OS that never was secure and never will be DonnieBoy   | 06/09/06
I agree Michael Kelly   | 06/09/06
i doubt richvball44   | 06/10/06
*WE*??? You paid Billions? No_Ax_to_Grind   | 06/09/06
Some common sense voska   | 06/09/06
I agree! DragonBRockin   | 06/09/06
To All OS users, Windows or Linux... John Zern   | 06/09/06
And yet... rock06r   | 06/12/06
People lined up for ME? voska   | 06/12/06
and I thought OEM was to be sold with new machines only. mdsmedia   | 06/10/06
No really pirated voska   | 06/12/06
$114 dollars isn't that reasonable voska   | 06/12/06
Oh.. I don't know... Wolfie2K3   | 06/12/06
Market Forces JulesLt   | 06/12/06
WHO ? pkrdk   | 06/12/06
Message has been deleted. eatme   | 06/09/06
Raise your hand Shelendrea   | 06/09/06
(NT) who is "SP?" Jack-Booted EULA   | 06/09/06
Southern Pride. Linux Advocate   | 06/09/06
I'm not sure. Immanuel Tranz-Mischen   | 06/10/06
ZDNet knows LoCal   | 06/11/06
I am requesting your post Linux Advocate   | 06/09/06
Dude Shelendrea   | 06/09/06
WTF? Dave P.   | 06/09/06
I haven't seen the others yet... Linux Advocate   | 06/09/06
Please request also that ZDNet LoCal   | 06/11/06
Inappropriate phburks   | 06/09/06
Southern Pride Castanet   | 06/13/06
There are too many people using Win98 with no way to upgrade, MS will have DonnieBoy   | 06/09/06
Time to upgrade the hardware. No_Ax_to_Grind   | 06/09/06
Get a reality check buran   | 06/10/06
Reality Check bounced. Wolfie2K3   | 06/12/06
S'funny .... fredsmith6   | 06/10/06
Yea, and they used to charge $129 a pop mustangj36@...   | 06/12/06
Yeah, Same old story. John Zern   | 06/09/06
Let's see.... what is Windows 98? rock06r   | 06/10/06
You'd be surprised Necrolin   | 06/10/06
win 98 born4fun@...   | 06/11/06
Funny, I've paid to have my toast fix and it's from the 50s voska   | 06/12/06
Millions? A.Sinic   | 06/12/06
98 Dumber_z   | 06/13/06
No there isn't DB. There are more people running various linuxes. osreinstall   | 06/13/06
Hey, maybe create a version of Linux with Wine tuned to run Win98 programs. DonnieBoy   | 06/09/06
Win4Lin Yagotta B. Kidding   | 06/09/06
Go for it, we need a good laugh. No_Ax_to_Grind   | 06/09/06
And that laugh won't be *with* you Sabz5150   | 06/09/06
Wine really had it together with Win98 compatibility Hugh Jass   | 06/10/06
I recommend users of older PCs upgrade... HypnoToad   | 06/09/06
ALL HAIL THE HYPNO TOAD cuberantcamper   | 06/10/06
It's time for a REAL class action lawsuit against MICROSUCKS realitycheck101   | 06/09/06
Can you add George Bush to that class action Law Suit?................. Can you hear me   | 06/09/06
I'd rather do something usefull... Dave P.   | 06/09/06
yup because repubs are famous for being progressive.... JoeMama_z   | 06/09/06
Christian Prayer John Zern   | 06/09/06
What about Allah? cuberantcamper   | 06/10/06
Seattle Schools Dave P.   | 06/10/06
Seperation richhayes   | 06/11/06
Blinkered view A.Sinic   | 06/12/06
Show this in the constitution CMKRNL   | 06/12/06
Misleading Immanuel Tranz-Mischen   | 06/10/06
un-Christian? cuberantcamper   | 06/10/06
Mormon Immanuel Tranz-Mischen   | 06/10/06
Prayer richhayes   | 06/11/06
This is too easy... Dave P.   | 06/10/06
The odd thing about baning pray in schools voska   | 06/12/06
But for those who follow a religion Boot_Agnostic   | 06/12/06
There is no such clause in the Constitution CMKRNL   | 06/12/06
Yep Boot_Agnostic   | 06/12/06
Funny it seems to be in order.... JoeMama_z   | 06/12/06
here goes nothing..... JoeMama_z   | 06/12/06
Hey Fella Dumber_z   | 06/13/06
Lol best cliche anti MS post of the day jimk_z   | 06/09/06
Let's count the fallacies in this post... rock06r   | 06/10/06
speaking of fallacies.. mdsmedia   | 06/10/06
#3.... Wolfie2K3   | 06/12/06
Breathe! bdthompson   | 06/12/06
Only FOOLS would still be running W-98 with all the ...... Can you hear me   | 06/09/06
http://www.ubuntu.com/ Atsarr   | 06/10/06
It's totally FREE cuberantcamper   | 06/11/06
How to patch Win98 mobrien_12@...   | 06/09/06
you're an idiot.... JoeMama_z   | 06/09/06
Gotta love a post... John Zern   | 06/09/06
How is that going to help? NobodyHome   | 06/10/06
The bug is in the Explorer part of the code WiredGuy   | 06/12/06
...well that's the MS line but.. Langalibalene   | 06/12/06
Firewall neutro511@...   | 06/09/06
Spare a thought and some spare change, Microsoft Dan the Dog   | 06/10/06
Quit your Whining and Upgrade jpr75_z   | 06/10/06
Not everybody can Dan the Dog   | 06/10/06
No, none is perfect... mdsmedia   | 06/10/06
Is it still in a supported life cycle Boot_Agnostic   | 06/10/06
Well are the life cycles getting shorter Dan the Dog   | 06/10/06
Firewalls are available for free anyway... mdsmedia   | 06/10/06
On the contrary.. Wolfie2K3   | 06/12/06
A question of balance voska   | 06/12/06
Come on microsoft, you're smarter than this zmud   | 06/10/06
Decimated the software firewall makers??? rock06r   | 06/12/06
I meant that they should buy one of the struggling firewall makers zmud   | 06/12/06
Could get a boring MAC computer cuberantcamper   | 06/10/06
So I've heard... Linux_Fanboy   | 06/10/06
1998 list of linux exploits.... rock06r   | 06/12/06
Blah blah blah Boot_Agnostic   | 06/12/06
I know how we can all upgrade..... Jay E Court   | 06/10/06
unfortunately for memory/cpu and graphics performance zmud   | 06/10/06
hey, is microsoft gaving away new computers? GDANIELSC8@...   | 06/10/06
have you tried Damn Small Linux? mdsmedia   | 06/10/06
Yes I tried DSL( Damn small linux) , gentoo, and debian zmud   | 06/10/06
What?!?!? linux_for_me   | 06/11/06
9.5! zmud   | 06/12/06
Maybe a billion PC users.? ralphdb@...   | 06/10/06
Check out the new nick...heh heh... Linux_Fanboy   | 06/10/06
Message has been deleted. AlisaK2000@...   | 06/10/06
Poor = stubborn cheap idiot? Dan the Dog   | 06/10/06
Not that I need it, but... mdsmedia   | 06/10/06
You have your nerve... Linux_Fanboy   | 06/10/06
Say WHAT??!?!?! Wolfie2K3   | 06/12/06
Only a matter of time... Immanuel Tranz-Mischen   | 06/10/06
Astounding .... fredsmith6   | 06/10/06
Yeah, Bill and friends got a lot of mileage... Linux_Fanboy   | 06/10/06
Mmmm .... fredsmith6   | 06/11/06
Ummm... Linux_Fanboy   | 06/11/06
The latter... Linux_Fanboy   | 06/11/06
Here you go mouthy... Linux_Fanboy   | 06/11/06
Gosh 'n' wow fredsmith6   | 06/11/06
Oh my lord!... Linux_Fanboy   | 06/11/06
Mac and Linux are for real! cuberantcamper   | 06/11/06
Greed... Linux_Fanboy   | 06/11/06
Message has been deleted. myfevertoy   | 10/22/06
Windows XP Service Pack 1 is so insecure Anthony S.   | 06/10/06
No fix for a 1965 Ford Falcon master cylinder when it wears out. osreinstall   | 06/11/06
Go Bill's Auto Parts cuberantcamper   | 06/11/06
Bill never sold software. He licensed it all. osreinstall   | 06/11/06
One problem, you own the software voska   | 06/12/06
Nice try... osreinstall   | 06/12/06
port 139 Scott W   | 06/11/06
I could never figure that out myself... osreinstall   | 06/11/06
It sells firewall software. cuberantcamper   | 06/11/06
File sharing sans TCP/IP johnay   | 06/12/06
MICROSUCKS distributed the defective O/S now they should fix it realitycheck101   | 06/11/06
Fix it richhayes   | 06/12/06
Maybe BlackDiamond   | 06/12/06
So, Win98 and ME were defective then... BitTwiddler   | 06/12/06
COME ONM PEOPLE............WHAT IS YOUR PROBLEM....... ITJames5000   | 06/12/06
When it is fast enough and does all that you want/need Laff   | 06/12/06
The thing is, it is needed or there would not be this discussion. osreinstall   | 06/12/06
The Problem Is BlackDiamond   | 06/12/06
Even though I HATE Microslop... Linux_Fanboy   | 06/12/06
Why do you do this? Dumber_z   | 06/13/06