Is 98 Affected by the URI Problem Fix in 11/13 Update?

[Guest smith]

http://www.pcworld.com/article/id,139598-

c,windowsbugs/article.html

 

described a patch in the 11/13/2007 Windows udpate that fixed a

"URI problem" described as critical.

 

The article said the bug did not affect Win 2000.

 

Does anyone know if the explosure affects Win 98?

[Guest philo]

Re: Is 98 Affected by the URI Problem Fix in 11/13 Update?

 

 

"smith" <smith@nospam.com> wrote in message

news:uTgk0amJIHA.2064@TK2MSFTNGP06.phx.gbl...

> http://www.pcworld.com/article/id,139598-

> c,windowsbugs/article.html

>

> described a patch in the 11/13/2007 Windows udpate that fixed a

> "URI problem" described as critical.

>

> The article said the bug did not affect Win 2000.

>

> Does anyone know if the explosure affects Win 98?

 

 

Although Win98 is probably not affected...

it's a moot point as Microsoft is writing no more updates for Win98 anyway

[Guest 98 Guy]

Re: Is 98 Affected by the URI Problem Fix in 11/13 Update?

 

smith wrote:

> Does anyone know if the explosure affects Win 98?

 

http://www.microsoft.com/technet/security/bulletin/MS07-061.mspx

 

Note the following:

 

"Microsoft has not identified a way to exploit this vulnerability on

any Windows operating system that is running Internet Explorer 6"

 

Which explains why Win-2000 is not listed as vulnerable.

 

So I guess the vulnerability lies in IE7 files.

 

Strange that Vista is not affected, but XP is. Do they each use a

different set of IE7 files?

[Guest Dan]

Re: Is 98 Affected by the URI Problem Fix in 11/13 Update?

 

Internet Explorer 7 in Vista has 256 bit encryption compared to 128 bit

encryption in XP. In addition, IE 7 in Vista has a protected mode that XP

does not have. I would conclude that the 2 versions must have some files

that are different since Vista IE 7 offers features that are not available in

XP IE 7.

[Guest glee]

Re: Is 98 Affected by the URI Problem Fix in 11/13 Update?

 

http://www.microsoft.com/technet/security/bulletin/MS07-061.mspx

 

Although "Microsoft has only identified ways to exploit this vulnerability on

systems using Internet Explorer 7....(snip).....the vulnerability exists in a

Windows file, Shell32.dll...." so the real questions are whether a way to exploit

the vulnerability on systems with IE6 could eventually be discovered; and whether

the Shell32.dll file in Win98 has the vulnerability.

 

Since Win98/98SE is no longer supported, Microsoft will not be doing any testing of

this, let alone releasing an update even if a vulnerability was recognised. It

would be up to third parties to research and test it.

 

At the very least I would look for alternate browsers for Win98 (Opera, Firefox) to

minimize the possibility of attacks via holes in Internet Explorer on that platform.

--

Glen Ventura, MS MVP Shell/User, A+

 

 

"smith" <smith@nospam.com> wrote in message

news:uTgk0amJIHA.2064@TK2MSFTNGP06.phx.gbl...

> http://www.pcworld.com/article/id,139598-

> c,windowsbugs/article.html

>

> described a patch in the 11/13/2007 Windows udpate that fixed a

> "URI problem" described as critical.

>

> The article said the bug did not affect Win 2000.

>

> Does anyone know if the explosure affects Win 98?