News

Microsoft Fixes Windows 95/98 Bug

Microsoft has released a patch that eliminates a vulnerability in Windows 95 and Windows 98 that could allow a malicious Web site or e-mail message to cause the Windows machine to crash or to run arbitrary code.

There is a buffer overflow in the Windows 95 and Windows 98 networking software that processes file name strings. If the networking software were provided with a very long random string as input, it could crash the machine. If provided with a specially malformed argument, it could be used to run arbitrary code on the machine via a classic buffer overrun attack.

The vulnerability could be exploited remotely in cases where a file:// URL or a Universal Naming Convention (UNC) string on a remote Web site included a long file name or where a long file name was included in an e-mail message.

All versions of Windows 95 and Windows 98 are known to be affected. The patch for Windows 95 is available at http://download.microsoft.com/download/win95/update/245729/w95/en-us/245729us5.exe and for Windows 98 at http://download.microsoft.com/download/win98/update/245729/w98/en-us/245729us8.exe.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

comments powered by Disqus
Most   Popular