Microsoft Stops Supporting Win98 Early

Christopher_G_Lewis writes "Today Microsoft announced that it is 'not feasible to make the extensive changes necessary to Windows Explorer on Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) to eliminate the vulnerability' to fix Security Bulletin MS06-15. Granted, the vulnerability is easily prevented by basic firewalling, but this basically is the first time Microsoft has admitted that Windows 98 is so broken that it's crazy to be running it on today's Internet."

Who ever said Windows 98 was buggy?

[afxzanac]

Who ever said Windows 98 was buggy?

Re::O

[Rosyna]

"Windows is so broken that it's crazy to be running it on today's Internet"

I think that's a little harsh. I mean it's been what, 2 months since the last vulnerability made news? Give MS some slack.

Re:not feasible?

[Tackhead]

> What? Microsoft can't write a simple packetfilter for windows98? I'm quite sure others have.

Funny part is that the exploit isn't as critical as it sounds.

From TFBulletin, "An attacker would need to convince a user to visit a Web site that could force a connection to a remote file server." It also looks like the way to make the exploit work would require Javashit and/or ActiveX being enabled on the victim's machine, and the web browser in question being IE. Filtering TCP port 139 is listed as a workaround.

In other words, it's like most other exploits: It requires the user to do Something Stupid first. A Win9x user running Firefox, and doing so from behind a firewall, can rest easy.

Re::O

[tommy_traceroute]

2 months? You're kidding, right? Or are you really that out of touch with the "news"?

Or maybe... oh wait, I'm sorry. You're just trolling.

Never mind.