PDA

View Full Version : windowsupdate win98 after 7/11/06?


davidh
July 21st, 2006, 02:30 PM
MS windowsupdate in IE 6 just installed the following critical update on my Win 98 SE system

Security Update for Microsoft Data Access Components 2.8 (KB911562

Apparently MS is still doing some kind of minimal support for Win 98 via windowsupdate

DH

davidh
July 21st, 2006, 06:16 PM
Microsoft Security Bulletin MS06-014
Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution (911562)
Published: April 11, 2006 | Updated: May 11, 2006

Version: 1.2

"Are Windows 98, Windows 98 Second Edition, or Windows Millennium Edition critically affected by one or more of the vulnerabilities that are addressed in this security bulletin?
Yes. Windows 98, Windows 98 Second Edition, and Windows Millennium Edition are critically affected by this vulnerability. These security updates are available for download from the Windows Update Web site."

http://www.microsoft.com/technet/security/Bulletin/MS06-014.mspx

What I don't understand as of now is when this update was released for Windows 98 or why I did not see it appear in WindowsUpdate sooner. I'm pretty sure it did some visits to windowsupdate site around the supposed cut off date of July 11, 06 to try to make sure I got the lasted updates before the site might stop working for Windows 98.

I haven't figured out yet whether or not I actually use any applications susceptible to this vulnerability (takes a lot of reading to figure out sometimes).

DH

davidh
July 21st, 2006, 06:28 PM
"What systems are primarily at risk from the vulnerability?
This vulnerability requires that a user is logged on and reading e-mail messages or is visiting Web sites for any malicious action to occur. Therefore, any systems where e-mail messages are read or where Internet Explorer is used frequently, such as workstations or terminal servers, are at the most risk from this vulnerability."

http://www.microsoft.com/technet/security/bulletin/MS06-014.mspx

davidh
July 21st, 2006, 06:41 PM
"Cumulative Security Update for Internet Explorer (912812), which was also released on April 11th, according to Microsoft Security Bulletin MS06-013, strengthens security settings for the Internet zone on Internet Explorer. These settings render the exploit ineffective even if the potential victim did not apply the 911562 patch referenced above. The cumulative update sets the following settings to Disable:

* Initialize and script ActiveX controls not marked as safe for scripting
* Access data sources across domains"

http://isc.sans.org/diary.php?date=2006-06-04&

What I gather from this so far is that there was a "workaround" update that covered up the problem to some degree and was apparently released first on windowsupdate.

So perhaps a or the patch for Windows 98 was not available until now, or at least available on windowsupdate until now.

I'm just thankful that it didn't seem to hurt my system when I installed the update and things seem to be working ok so far.

DH

Judy G. Russell
July 21st, 2006, 11:17 PM
I always cringe in fear when I have to do a Microsoft update. I never quite trust them...