Hunter Strategies LLC logo

Microsoft News Tracker

What's more interesting than observing Microsoft?

June 12, 2006

Windows 98 goes out with a whimper

Posted by David Hunter at 6:18 PM ET.

It wasn’t a surprise that all free Microsoft support for Windows 98 (and Windows Me) was supposed to terminate on June 30 with the end of free security fixes, but instead of an orderly farewell party with a brief reprieve to July 11, it turned into a rout. Robert McMillan at PCWorld:

With support for its Windows 98 and Windows Millennium Edition operating systems about to expire, Microsoft has given up on the idea of patching a critical security vulnerability in the products, the company announced this week.

The flaw has to do with the way Windows Explorer handles the Component Object Model objects used by Windows programs. Attackers could take over a system by tricking users into visiting a Web site that would then connect them to a remote file server.

“This remote file server could then cause Windows Explorer to fail in a way that could allow code execution,” Microsoft said.

Microsoft had fixed the problem in the majority of its Windows products on April 11. At the time, it had promised to deliver a patch for Windows 98 and ME “as soon as possible.”

Microsoft’s Christopher Budd explains:

Specifically, after extensive investigation, we’ve found that it’s not feasible to make the extensive changes necessary to Windows Explorer on these older versions of Windows to eliminate the vulnerability.

This is because during the development of Windows 2000, we made significant enhancements to the underlying architecture of Windows Explorer. The Windows Explorer architecture on these older versions of Windows is much less robust than the more recent Windows architectures.

Due to these fundamental differences, these changes would require reengineering a significant amount of a critical core component of the operating system. After such a reengineering effort, there would be no assurance that applications designed to run on these platforms would continue to operate on the updated system.

We do strongly recommend that customers still using Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) protect those systems by placing them behind a perimeter firewall which filters traffic on TCP Port 139 which will block attacks attempting to exploit this vulnerability. This is discussed in the “Workarounds” section of the vulnerability.

The “Workarounds” section is in the official Microsoft Security Bulletin MS06-015.

Jupiter Research’s Joe Wilcox offers a sensible assessment:

I don’t think Microsoft’s decision not to patch is designed to force Windows XP upgrades, as I’ve been repeatedly asked. But I do find the situation highly ironic. Microsoft had extended support for both products from June 30 to July 11, so there would be one last security patch–July 11 is a Security Tuesday–for Windows 98 and Me. So, it’s ironic that the two operating systems will end of life with one remaining critical flaw patched on newer Windows versions.

How serious is the situation? … Our data shows plenty of consumers and businesses still using Windows 98 and Me.

But his net is that Windows 98′s day has passed.

Filed under Microsoft, OS - Client, Obsolescence, Patch Tuesday, Security, Windows 98

Related posts:


4 Responses to “Windows 98 goes out with a whimper”

  1. Whatever happened to “Eiger?” -- Microsoft News Tracker Says:

    [...] Yesterday, reminded us of “Eiger” now known as Windows Fundamentals for Legacy PCs. It’s based on Windows XP Embedded, available only to Microsoft System Assurance customers (i.e. business customers), and designed to be run on legacy PCs that don’t have the oomph to run Windows XP. The advantage is better security and maintainability which would be nice in view of the imminent, inglorious end of service of Windows 98. The unfortunate answer is that despite initial plans to ship Fundamentals in June 2006, it has been pushed back to later in the year. I wasn’t too enthusiastic about it before, but with Windows 98 left hanging with a large security flaw, Fundamentals is turning out to be very late to the party. Filed under OS – Client, Windows XP, Embedded, XP Embedded, General Business, Licensing, Fundamentals, Windows 98, Microsoft   [Permalink] [...]

  2. Goodbye parties already starting for Windows 98 -- Microsoft News Tracker Says:

    [...] The end of extended support for Microsoft’s Windows 98, Windows 98 Second Edition, and Windows ME isn’t until July 11, but farewells have started appearing in the press and more are sure to follow. Some notable excerpts: [...]

  3. Richard Brennan Says:

    Interesting – and the end of the line not only of Win95/98, but the 16-bit code of MS-DOS as well. Kind of the end of an era, wouldn’t you say?

    Also – what happened to Windows Fundamentals for Legacy PCs, due last month? That was supposed to be the stop gap between Windows 98 and Vista – at least as far as security patches go.
    Ric Brennan

  4. David Hunter Says:

    See Whatever happened to Eiger – Fundamentals has been pushed into late 2006.

News Search:

Recent Posts:

Daily Digest Email:

Enter your Email

Powered by FeedBlitz


Full category list


Archive List

RSS Feed:

HunterStrat Links:


  • Powered by WordPress.