Microsoft Security Bulletin MS06-015 Will NOT Patch Windows 9x or ME
Affected Software:
< snip >...
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) – Review the FAQ section of this bulletin for details about these operating systems.
Frequently asked questions (FAQ) related to this security update
If Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) are listed as an affected product, why is Microsoft not issuing security updates for them?
During the development of Windows 2000, significant enhancements were made to the underlying architecture of Windows Explorer. The Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Windows Explorer architecture is much less robust than the more recent Windows architectures. Due to these fundamental differences, after extensive investigation, Microsoft has found that it is not feasible to make the extensive changes necessary to Windows Explorer on Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) to eliminate the vulnerability. To do so would require reengineer a significant amount of a critical core component of the operating system. After such a reengineering effort, there would be no assurance that applications designed to run on these platforms would continue to operate on the updated system.
Microsoft strongly recommends that customers still using Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) protect those systems by placing them behind a perimeter firewall which is filtering traffic on TCP Port 139. Such a firewall will block attacks attempting to exploit this vulnerability from outside of the firewall, as discussed in the workarounds section below.
Will Microsoft issue security updates for Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) sometime in the future?
Microsoft has extensively investigated an engineering solution for Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME). We have found that these architectures will not support a fix for this issue now or in the future.
If you connect to the Internet with a Windows 98 or ME computer you will be at risk from past, present and future threats, with no help coming from Microsoft after July 11. Microsoft is discontinuing ALL support and patches for Windows 98, Windows 98 S.E. and Windows M.E., effective on the evening of July 11, 2006.
"Critical security updates will be provided on the Windows Update site through July 11, 2006. Microsoft will not publicly release non-critical security hotfixes for Windows 98, Windows 98 Second Edition, or Windows Millennium Edition."
If you are still using one of those operating systems on a computer that connects to the Internet, you are strongly advised to scrap it and get something up to date, with an operating system that is still supported by Microsoft, or get a new Mac instead. In the meantime, add as much anti-virus, anti-spyware and firewall protection as you can find, that will work on your OS, and download as many Windows updates as you can, then buy a disk imaging program and make a copy of the fresh OS, with all patches and security programs in place. Burn that to a CD for use if your OS crashes or gets invaded by a virus, backdoor, trojan, worm or spyware.
Get Norton 360 Version 4.0 - All-In-One Security.
If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.
Wiz's Blog is written by Bob "Wiz" Feinberg, an experienced freelance computer consultant, troubleshooter and webmaster. Wiz's specialty is in computer and website security. 