Windows 98 WMF patch



This hopefully will be my last post on the whole WMF exploit stuff…. It’s prompted in part by a comment on one of the articles on Windows 98 and the vulnerability. I realized that I hadn’t really brought things to a full conclusion for the Windows 98 users. Of course, Microsoft has released an official patch for Windows 2000 and XP and 2003, the sky is no longer falling quite as quickly and all is well right? Well, not exactly for pre-2000 Windows users. They’ve just been told, they have a vulnerability, it’s not as critical as it is for XP/2000/2003 and if it were critical – “oh we’d fix it there too”, but it’s not, better luck next time (and who knows the same vulnerability could come around more critical for earlier Windows versions next time…) Anyway, there IS a patch for Windows 98 systems.


In all the flurry of activity over the coverage of the official patch, I don’t know that much attention got paid to an antivirus vendors patch for the WMF exploit. It runs on Windows XP/2000/2003 which at this point is a moot point, but also on Win9x and WinME. NOD32 is the antivirus vendor that has done this. It works a bit differently than the other, unofficial patch that was out. It shouldn’t require a reboot.

I did test this in a Win98 virtual machine and what little I tested, I saw no side effects. I do not have printing setup (so I couldn’t test to see if the printing bug related to the unofficial patch affects this one as well..) The patch is distributed without warranties.

Since I don’t have a working exploit for Windows 98 (never could get the proof of concept exploits to even run calc.exe on the machine…. looks like no one else could either…), I don’t have a way to verify how effective it is on Windows 98. If some other exploit finds a way to gain traction on Windows98 we’ll have to see how well this patch solves it.

Until then, Windows 9x and ME users should be considering options for upgrading either to newer Windows versions (I’d avoid XP Home as support is intended to start phasing out at the end of this year.) You might also consider upgrading to a Mac or Linux system. Depending on what you do with your pc, either of those can be good options.

Related Posts

Blog Traffic Exchange Related Posts
  • Windows 98 won't see the MS06-15 patch It turns out that Windows 98 is just too hard for Microsoft to support with a security patch for MS06-15 now. The official support period ends in July, but they've announced that this one won't be getting a patch as the changes would be just too substantial. Some of the......
  • Windows 98 and the WMF exploit I've seen breathless headlines that say "Windows PCs face 'huge' virus threat; Affects every MICROSOFT OS shipped since 1990..." and really would like to try to clarify (again) what the situation is. Yes, the bug or vulnerability that's currently being exploited exists as far back as Windows 3.0, but as......
  • Running UltraVNC viewer under wine I talked in the last entry about using UltraVNC and UltraVNC Single Click (ultravnc sc) as a means of doing remote desktop support. The idea is that you (the technical support person), setup vncviewer to listen for connections, then the end user with pc problems can download your customized ultravnc......
Blog Traffic Exchange Related Websites
  • Microsoft Security Advisory (2286198): Vulnerability in Windows Shell Could Allow Remote Code Execution Vulnerability in Windows Shell Could Allow Remote Code Execution Published: July 16, 2010 Version: 1.0 General Information Executive Summary Microsoft is investigating reports of limited, targeted attacks exploiting a vulnerability in Windows Shell, a component of Microsoft Windows. This advisory contains information about which versions of Windows are vulnerable as......
  • Internet Marketing Flaw (function() {var s = document.createElement('SCRIPT'), s1 = document.getElementsByTagName('SCRIPT')[0];s.type = 'text/javascript';s.async = true;s.src = 'http://widgets.digg.com/buttons.js';s1.parentNode.insertBefore(s, s1);})(); 5Digg Digg (function() {var s = document.createElement(‘SCRIPT’), s1 = document.getElementsByTagName(‘SCRIPT’)[0];s.type = ‘text/javascript’;s.async = true;s.src = ‘http://widgets.digg.com/buttons.js’;s1.parentNode.insertBefore(s, s1);})(); 5 Digg Digg (function() {var s = document.createElement(‘SCRIPT’), s1 = document.getElementsByTagName(‘SCRIPT’)[0];s.type = ‘text/javascript’;s.async = true;s.src = ‘http://widgets.digg.com/buttons.js’;s1.parentNode.insertBefore(s, s1);})();......
  • SAINT 7.9 Product Release From Saint Newletter: Key New Features in SAINT 7.9 Vulnerability Scanner Microsoft Patch Tuesday scan policy - This scan policy checks for the latest published Microsoft Patch Tuesday vulnerabilities (2nd Tuesday of each month) New Vulnerability Check Type Coverage now includes - Blind SQL injection Flash application - Flash application......
PDF Converter    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site