Is 98 Affected by the URI Problem Fix in 11/13 Update?

[smith]

http://www.pcworld.com/article/id,139598-
c,windowsbugs/article.html

described a patch in the 11/13/2007 Windows udpate that fixed a
"URI problem" described as critical.

The article said the bug did not affect Win 2000.

Does anyone know if the explosure affects Win 98?

 

[philo]

"smith" <smith@nospam.com> wrote in message
news:uTgk0amJIHA.2064@TK2MSFTNGP06.phx.gbl...
> http://www.pcworld.com/article/id,139598-
> c,windowsbugs/article.html
>
> described a patch in the 11/13/2007 Windows udpate that fixed a
> "URI problem" described as critical.
>
> The article said the bug did not affect Win 2000.
>
> Does anyone know if the explosure affects Win 98?


Although Win98 is probably not affected...
it's a moot point as Microsoft is writing no more updates for Win98 anyway

 

[98 Guy]

smith wrote:

> Does anyone know if the explosure affects Win 98?

http://www.microsoft.com/technet/security/bulletin/MS07-061.mspx

Note the following:

"Microsoft has not identified a way to exploit this vulnerability on
any Windows operating system that is running Internet Explorer 6"

Which explains why Win-2000 is not listed as vulnerable.

So I guess the vulnerability lies in IE7 files.

Strange that Vista is not affected, but XP is. Do they each use a
different set of IE7 files?

 

[Dan]

Internet Explorer 7 in Vista has 256 bit encryption compared to 128 bit
encryption in XP. In addition, IE 7 in Vista has a protected mode that XP
does not have. I would conclude that the 2 versions must have some files
that are different since Vista IE 7 offers features that are not available in
XP IE 7.

 

[glee]

http://www.microsoft.com/technet/security/bulletin/MS07-061.mspx

Although "Microsoft has only identified ways to exploit this vulnerability on
systems using Internet Explorer 7....(snip).....the vulnerability exists in a
Windows file, Shell32.dll...." so the real questions are whether a way to exploit
the vulnerability on systems with IE6 could eventually be discovered and whether
the Shell32.dll file in Win98 has the vulnerability.

Since Win98/98SE is no longer supported, Microsoft will not be doing any testing of
this, let alone releasing an update even if a vulnerability was recognised. It
would be up to third parties to research and test it.

At the very least I would look for alternate browsers for Win98 (Opera, Firefox) to
minimize the possibility of attacks via holes in Internet Explorer on that platform.
--
Glen Ventura, MS MVP Shell/User, A+


"smith" <smith@nospam.com> wrote in message
news:uTgk0amJIHA.2064@TK2MSFTNGP06.phx.gbl...
> http://www.pcworld.com/article/id,139598-
> c,windowsbugs/article.html
>
> described a patch in the 11/13/2007 Windows udpate that fixed a
> "URI problem" described as critical.
>
> The article said the bug did not affect Win 2000.
>
> Does anyone know if the explosure affects Win 98?