With support for its Windows 98 and Windows Millennium Edition (ME) operating systems about to expire, Microsoft has given up on the idea of patching a critical security vulnerability in the products, the company said.
The flaw has to do with the way Windows Explorer handles the Component Object Model objects used by Windows programs. Attackers could take over a system by tricking users into visiting a Web site that would then connect them to a remote file server. "This remote file server could then cause Windows Explorer to fail in a way that could allow code execution," Microsoft said.
Microsoft had fixed the problem in the majority of its Windows products on April 11. At the time, it had promised to deliver a patch for Windows 98 and ME "as soon as possible."
However, on Thursday, the company updated its bulletin on the issue, saying that this fix would require a lot of work and would possibly break applications being used on these platforms.
"After extensive investigation, Microsoft has found that it is not feasible to make the extensive changes necessary... to eliminate the vulnerability," Microsoft's bulletin states. "We have found that these architectures will not support a fix for this issue now or in the future. "
Microsoft is about to stop providing security fixes for Windows 98 and ME altogether. The company's next monthly patch release next Tuesday is the last scheduled security fix for the two operating systems.
Microsoft executives could not be reached to comment for this story.
Get the most out of the storage you already own. Download this whitepaper today and examine 7 key technologies behind maximizing your storage efficiency.
Download now »
Stop unscrupulous insiders. A clever criminal can lull the boss into believing nothing is amiss. Systems designed to monitor the network for patterns of criminal or destructive behavior are much harder to fool. Learn how to put the right countermeasures in place and vastly reduce the threat posed by insiders.
Download now »
Examine the 5 unique requirements that virtualization imposes on hardware, and discover how the next generation of HP's ProLiant server line can deliver virtualized, efficient data centers, rapid ROI and lower operational expenses.
Download now »
Address the backup and restore challenges created by virtualized server environments by following these technical recommendations. Learn how VMware Consolidated Backup in conjunction with HP Data Protector can realize a VMware ESX backup that surpasses the 1 TB/h performance threshold, while minimizing storage resources overhead.
Download now »
This white paper provides guidance on how to develop a strategic approach to managing and monitoring logs, a key function required for compliance with many regulatory mandates and a critical defense against security threats.
Download now! »
Learn about the processes and technologies that support security information management (SIM) operations, as well as the business case for SIM. The series examines different options for implementing SIM and gives you evaluation criteria for selecting the best option for your organization.
Download now! »
Learn the strategies, actions, and capabilities that Best-in-Class organizations employ and technologies they choose to obtain superior performance against various security performance metrics. This report provides guidelines for identifying which security solutions to consume as a MSS and defines best practices for choosing and managing MSSPs.
Download now! »
4 Recommendations
