12 patches released to fix Microsoft security flaws

[Steven W]

Microsoft are set to release a dozen new patches in an aim to fix numerous security flaws in its software.

Nine of the patches relate to the Windows operating system, two relate to the Microsoft office software, and one will fix a security issue with e-mail server software.

One of the flaws is said to be "critical"

Source : Reuters

[directhex]

interestingly, a critical flaw in 98/98se/me will not be fixed, as ms can't be bothered so close to the end of support.

[dangel]

interestingly, a critical flaw in 98/98se/me will not be fixed, as ms can't be bothered so close to the end of support.

Neither would I be - they're all bloody awful operating systems..

[directhex]

Neither would I be - they're all bloody awful operating systems..

but they are still in wide use

[Synergy6]

but they are still in wide use

That's meaningless. The important point is no-one new is buying them, so there's no financial incentive to fix them. Also, as hardware moves forward and they don't, they're increasingly (and likely have already passed the point of) being far too much trouble to look after than they're worth. Win98/ME are horrible operating systems, and if someone has a machine that will not run even Win2000 then I don't think it's Microsoft's fault to expect them to pay £150 or so to get something better after perhaps a decade.
Synergy6

[nichomach]

98/98SE and ME are already officially unsupported and have been for a couple of years now, so there're unlikely to be any further fixes for them.

[directhex]

98/98SE and ME are already officially unsupported and have been for a couple of years now, so there're unlikely to be any further fixes for them.

# Critical security updates will be provided on the Windows Update site through July 11,2006.

they can't say one thing & mean another, it sets a bad precedent

[nichomach]

Which critical flaw are you referring to?

[dangel]

July 11, 2006 98/98SE/ME all go out of support.

Good riddance frankly.

[directhex]

Which critical flaw are you referring to?

Microsoft Security Bulletin MS06-015
Vulnerability in Windows Explorer Could Allow Remote Code Execution
Maximum Severity Rating: Critical

[TheAnimus]

thing is MS really should be fixing it because, they say they will, but in all fairness that deadline is an extension on the timeline people where given when they bought the OS.

fact of the matter, 9x is just terrible, and really should not be in use if its networked or any security is wished for.

[nichomach]

http://www.microsoft.com/technet/sec.../MS06-015.mspx

If Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) are listed as an affected product, why is Microsoft not issuing security updates for them?
During the development of Windows 2000, significant enhancements were made to the underlying architecture of Windows Explorer. The Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Windows Explorer architecture is much less robust than the more recent Windows architectures. Due to these fundamental differences, after extensive investigation, Microsoft has found that it is not feasible to make the extensive changes necessary to Windows Explorer on Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) to eliminate the vulnerability. To do so would require reengineer a significant amount of a critical core component of the operating system. After such a reengineering effort, there would be no assurance that applications designed to run on these platforms would continue to operate on the updated system.

Microsoft strongly recommends that customers still using Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) protect those systems by placing them behind a perimeter firewall which is filtering traffic on TCP Port 139. Such a firewall will block attacks attempting to exploit this vulnerability from outside of the firewall, as discussed in the workarounds section below.

So, basically, you can't fix it in the older OSes without breaking them very badly. Run them behind a firewall. Seems straightforward enough.

[zachig]

Damn, too many flaws...

I really hope that the new vista OS will be much more stable and unvulnurable...

Anyway, thanks for the info guys.

[directhex]

http://www.microsoft.com/technet/sec.../MS06-015.mspx



So, basically, you can't fix it in the older OSes without breaking them very badly. Run them behind a firewall. Seems straightforward enough.

would you have accepted that as an explanation for, say, blaster? "sorry, no fix, cba, where's my beer"?

[nichomach]

Blaster was a worm which was perfectly adequately handled by third party security products until a fix was released; in this case, third party security products also provide an adequate defence. The fix involved correcting, as I recall, a simple buffer overflow, not re-engineering major components of the OS, i.e. correcting a poor implemenation of an existing design, not going back and redesigning it. Your analogy is deeply flawed. Further, Windows 98, 98SE and ME will be officially unsupported in less than a month. I'd rather have MS's engineers working on stuff that actually matters, like a final service pack for XP, or making Vista run better.

Oh, and saying that "If we fix it we'll break loads of applications" hardly equates to "can't be arsed". Frankly, I have two 98 stations on my network, and the only reason they're there is because they can run legacy applications and hardware that anything newer can't. Anything that messes with that is a rather bad idea, from my point of view and I suspect that of a lot of other people who use those OSes for the same reason.

[directhex]

Blaster was a worm which was perfectly adequately handled by third party security products until a fix was released; in this case, third party security products also provide an adequate defence. The fix involved correcting, as I recall, a simple buffer overflow, not re-engineering major components of the OS, i.e. correcting a poor implemenation of an existing design, not going back and redesigning it. Your analogy is deeply flawed. Further, Windows 98, 98SE and ME will be officially unsupported in less than a month. I'd rather have MS's engineers working on stuff that actually matters, like a final service pack for XP, or making Vista run better.

Oh, and saying that "If we fix it we'll break loads of applications" hardly equates to "can't be arsed". Frankly, I have two 98 stations on my network, and the only reason they're there is because they can run legacy applications and hardware that anything newer can't. Anything that messes with that is a rather bad idea, from my point of view and I suspect that of a lot of other people who use those OSes for the same reason.

they are still, according to microsoft, under a support umbrella that covers them for critical security patches. whether it is a technical challenge or not, the fact remains that they are changing their minds as it suits them.

i've bought goods where they've refused to honour their warranty agreement a few weeks before it ended, because it was close enough to expired in their eyes - THAT is not a flawed analogy, and THAT is the situation here