Microsoft Backtracks, Won't Patch April Bug For Windows 98/Me

Company announced that contrary to an earlier pledge, it will not provide a patch for Windows 98/Me to fix a critical vulnerability first disclosed in April.


June 09, 2006
URL: http://drdobbs.com/windows/microsoft-backtracks-wont-patch-april-bu/188703402

Microsoft on Friday again rang "last call" for Windows 98 and Windows Millennium, reminding users that support will vanish for the two operating systems as of July 11. The company also announced that contrary to an earlier pledge, it will not provide a patch for those OSes to fix a critical vulnerability it first disclosed in April.

"First, support for Windows 98, Windows 98 Second Edition, and Windows Millennium Edition (Me) ends on July 11, 2006, which is the July 2006 Monthly Bulletin Release date," said Christopher Budd, security program manager with the Microsoft Security Response Center (MSRC) on the group's blog. "This means Microsoft will end public and technical support on July 11, 2006. This also includes security updates."

Microsoft began talking of the end of support for Windows 98 and Windows Me in April, a day after it released five security bulletins, including one marked MS06-015 that promised a later Windows 98/Me fix for a critical bug in Windows Explorer, the operating system's file manager.

Friday, however, Microsoft retracted that promise. "We've found that it's not feasible to make the extensive changes necessary to Windows Explorer on these older versions of Windows to eliminate the vulnerability," said Budd.

He described the difficulty as stemming from "significant enhancements to the underlying architecture" of Explorer during Windows 2000's development. "Due to these fundamental differences [between Windows 98/Me and Windows 2000 and later], these changes would require reengineering a significant amount of a critical core component of the operating system," added Budd. "After such a reengineering effort, there would be no assurance that applications designed to run on these platforms would continue to operate on the updated system."

According to Microsoft's stated support policy, it promises to patch all security vulnerabilities marked as either "critical" or "important," its two top warning ratings, during the last three years of Extended support. Windows 98 and Windows Me have been in extended support since June 30, 2002.

Budd also repeated a workaround for Windows 98 and Me: filter traffic on TCP port 139 at the network perimeter to block attacks exploiting the Windows Explorer bug.

As it has before, Microsoft again urged users of Windows 98 and Me to update to a new OS. "We strongly recommend that those of you who are still running these older versions of Windows upgrade to a newer, more secure version, such as Windows XP SP2, as soon as possible," Budd concluded.

In other end-of-support news, Microsoft has also posted a notice on its Web site reminding users that support for Windows XP SP1 stops as of October 11, 2006.
