Please read this,THERE IS NOW A FIX..Windows 98, ME users left vulnerable to WMF bug?

Windows image flaw now 'extremely critical'


the fix is also on the windows update site
for each system.. XP OR 2000

**(((CHECK YE WINDOWS UPDATE SITE..FOR THE WMF Exploit}}}**

 

Windows 98, ME users left vulnerable to WMF bug?
January 5, 2006 5:17 PM PST

Microsoft on Thursday rushed out an update to address a serious security flaw in Windows. Patches are available for Windows 2000, Windows XP, and Windows Server 2003, but Microsoft left out Windows 98 and Windows Millennium Edition.

The flaw lies in the way the OS software handles Windows Meta File images. Microsoft deems the issue "critical" only for Windows 2000, Windows XP and Windows Server 2003, the problem is not as big for Windows XP and Windows ME because it is harder to exploit on those older OSes, the company said in its MS06-001 security bulletin..

Experts from iDefense, F-Secure and SANS agree that no attacks that target the older Windows versions have surfaced. Yet that might only be a matter of time, said Mike Murray, director of vulnerability and exposure research at nCircle, a vulnerability management company in San Francisco.

Releasing a patch for Windows 98 and Windows ME would be the right thing to do, according to Murray. "Even Microsoft acknowledges that the vulnerability exists in those OSes, someone will figure out how to exploit it," he said.

By not fixing the older versions of Windows, Microsoft is leaving its customers out in the cold, Murray said. "In a way they are forcing customers to upgrade, saying that you can continue to use those older operating systems if you want to be vulnerable," he said.
Posted by Joris Evers
http://news.com.com/2061-10789_3-6020645.html?part=rss&tag=6020645&subj=news

 

Great so my g/f computer can be messed up at any moment...they wont make a patch for 98 because they want ppl to go out and bye xp, or bye a new pc, damn them damn them to PC hell

 

Dude you can get the XP OS for about 79 bucks ,its well worth it

 

i know, but there is no point, he computer is to old and to slow to even bother with XP she just uses it for MS Word, and the internet, so no point really, but still they should make patch for older versions

 

Microsoft closes Metafile hole with early patch

1/5/2006 11:44:32 PM, by Peter Pollack

Microsoft has caved to public pressure and released a patch for the Windows Metafile bug that has been all over the news the last few days. Although MS had recently stated that a patch would not appear until next week, public outcry was loud enough to rattle the software giant into changing its plans.

Microsoft originally planned to release the update on Tuesday, Jan. 10, 2006, as part of its regular monthly release of security bulletins, after testing for quality and application compatibility was complete. However, testing has been completed earlier than anticipated and the update is ready for release. In addition, Microsoft is releasing the update early in response to strong customer sentiment that the release should be made available as soon as possible.

With computer experts rating the security flaw as "extremely critical," there's little doubt MS had teams of software engineers working overtime to get this new hole closed.

News of a vulnerability in the way Windows handles Windows metafile images first broke on December 27. In short order, malicious web sites and e-mails were taking advantage of the flaw, which allows programs called Trojan-Downloaders to be hidden inside .WMF image files. Once a compromised image file is viewed, these programs can activate and install full-fledged Trojan horse programs on a host computer. Trojan horses have a wide variety of malevolent uses, including spyware, spamming, attacking other computers, or simply opening a tunnel for data theft on a host computer.

The bug is found in all versions of Windows from 98 to XP, and affects both the Windows 95 and NT codebases. Unfortunately, users of Windows 98, 98 SE, or ME can do little more than punt, as the patch is not available for those operating systems. Microsoft only updates older OSs if it judges a security issue as critical, and it has found a loophole in its own rules by simply declaring the issue "not critical" for that particular software.

Although Windows 98, Windows 98 Second Edition, and Windows Millennium Edition do contain the affected component, the vulnerability is not critical because an exploitable attack vector has not been identified that would yield a Critical severity rating for these versions.

I suppose that means that there aren't enough machines left running those operating systems to make it worth the trouble to fix 'em. A case could be made that anyone running the 8-year-old Windows 98 SE has larger problems than a mere Windows Metafile bug, and anyone still in the thrall of Windows ME, well...just has problems. Still, if there's a few grandparents out there using hand-me-down computers to check their e-mail, it would be nice to think that Microsoft was taking care of them too.
http://arstechnica.com/news.ars/post/20060105-5914.html