Christopher Budd here again.
I wanted to take a moment and mention a couple of things related to security updates and Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME).
First, support for Windows 98, Windows 98 Second Edition, and Windows Millennium Edition (Me) ends on July 11, 2006, which is the July 2006 Monthly Bulletin Release date. This means Microsoft will end public and technical support on July 11, 2006. This also includes security updates. As an advance reminder, Windows XP SP1 will also reach a similar end of support date on October 10, 2006. There’s more detail about this and other Support Lifecycle dates on the Support Lifecycle Website: http://www.microsoft.com/lifecycle.
Second, today we’ve made an update to the FAQ in MS06-015 related to the availability of an update for Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME).
Specifically, after extensive investigation, we’ve found that it’s not feasible to make the extensive changes necessary to Windows Explorer on these older versions of Windows to eliminate the vulnerability.
This is because during the development of Windows 2000, we made significant enhancements to the underlying architecture of Windows Explorer. The Windows Explorer architecture on these older versions of Windows is much less robust than the more recent Windows architectures.
Due to these fundamental differences, these changes would require reengineering a significant amount of a critical core component of the operating system. After such a reengineering effort, there would be no assurance that applications designed to run on these platforms would continue to operate on the updated system.
We do strongly recommend that customers still using Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) protect those systems by placing them behind a perimeter firewall which filters traffic on TCP Port 139 which will block attacks attempting to exploit this vulnerability. This is discussed in the “Workarounds” section of the vulnerability.
And, of course, with the upcoming end up support for these products, we strongly recommend that those of you who are still running these older versions of Windows upgrade to a newer, more secure version, such as Windows XP SP2, as soon as possible.
Christopher
*This posting is provided “AS IS” with no warranties, and confers no rights.*