Windows 98 WMF patch



This hopefully will be my last post on the whole WMF exploit stuff…. It’s prompted in part by a comment on one of the articles on Windows 98 and the vulnerability. I realized that I hadn’t really brought things to a full conclusion for the Windows 98 users. Of course, Microsoft has released an official patch for Windows 2000 and XP and 2003, the sky is no longer falling quite as quickly and all is well right? Well, not exactly for pre-2000 Windows users. They’ve just been told, they have a vulnerability, it’s not as critical as it is for XP/2000/2003 and if it were critical – “oh we’d fix it there too”, but it’s not, better luck next time (and who knows the same vulnerability could come around more critical for earlier Windows versions next time…) Anyway, there IS a patch for Windows 98 systems.


In all the flurry of activity over the coverage of the official patch, I don’t know that much attention got paid to an antivirus vendors patch for the WMF exploit. It runs on Windows XP/2000/2003 which at this point is a moot point, but also on Win9x and WinME. NOD32 is the antivirus vendor that has done this. It works a bit differently than the other, unofficial patch that was out. It shouldn’t require a reboot.

I did test this in a Win98 virtual machine and what little I tested, I saw no side effects. I do not have printing setup (so I couldn’t test to see if the printing bug related to the unofficial patch affects this one as well..) The patch is distributed without warranties.

Since I don’t have a working exploit for Windows 98 (never could get the proof of concept exploits to even run calc.exe on the machine…. looks like no one else could either…), I don’t have a way to verify how effective it is on Windows 98. If some other exploit finds a way to gain traction on Windows98 we’ll have to see how well this patch solves it.

Until then, Windows 9x and ME users should be considering options for upgrading either to newer Windows versions (I’d avoid XP Home as support is intended to start phasing out at the end of this year.) You might also consider upgrading to a Mac or Linux system. Depending on what you do with your pc, either of those can be good options.

Related Posts

Blog Traffic Exchange Related Posts
  • Running UltraVNC viewer under wine I talked in the last entry about using UltraVNC and UltraVNC Single Click (ultravnc sc) as a means of doing remote desktop support. The idea is that you (the technical support person), setup vncviewer to listen for connections, then the end user with pc problems can download your customized ultravnc......
  • IE exploit unofficial patches While we wait for Microsoft to release a patch for the MOST recent Internet Explorer vulnerability..... it looks as though MS is "planning" to release a patch on their routine patch day of April 11th. (However they could always change their mind...) As before though there are some 3rd party......
  • System patching 0-days and ancient-day vulnerabilities There's a good article at Michael Sutton's Blog which points out something that really makes sense and I think many people are aware of, but with all the buzz that a new previously undisclosed vulnerability has, we forget. The point is this, there are plenty of machines online vulnerable to......
Blog Traffic Exchange Related Websites
  • My Journey’s July 16th 2009 Update One of the main reasons I started this site was to keep myself accountable to anyone that was reading. Ironic part, is that when I started I probably had no one reading so it was an exercise in futility! Fiscal Update My last update was on May 29, 2009 and......
  • SAINT 7.9 Product Release From Saint Newletter: Key New Features in SAINT 7.9 Vulnerability Scanner Microsoft Patch Tuesday scan policy - This scan policy checks for the latest published Microsoft Patch Tuesday vulnerabilities (2nd Tuesday of each month) New Vulnerability Check Type Coverage now includes - Blind SQL injection Flash application - Flash application......
  • Microsoft Security Advisory (2286198): Vulnerability in Windows Shell Could Allow Remote Code Execution Vulnerability in Windows Shell Could Allow Remote Code Execution Published: July 16, 2010 Version: 1.0 General Information Executive Summary Microsoft is investigating reports of limited, targeted attacks exploiting a vulnerability in Windows Shell, a component of Microsoft Windows. This advisory contains information about which versions of Windows are vulnerable as......
en.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site