News

Microsoft Fixes Windows 95/98 Bug

Microsoft has released a patch that eliminates a vulnerability in Windows 95 and Windows 98 that could allow a malicious Web site or e-mail message to cause the Windows machine to crash or to run arbitrary code.

There is a buffer overflow in the Windows 95 and Windows 98 networking software that processes file name strings. If the networking software were provided with a very long random string as input, it could crash the machine. If provided with a specially malformed argument, it could be used to run arbitrary code on the machine via a classic buffer overrun attack.

The vulnerability could be exploited remotely in cases where a file:// URL or a Universal Naming Convention (UNC) string on a remote Web site included a long file name or where a long file name was included in an e-mail message.

All versions of Windows 95 and Windows 98 are known to be affected. The patch for Windows 95 is available at http://download.microsoft.com/download/win95/update/245729/w95/en-us/245729us5.exe and for Windows 98 at http://download.microsoft.com/download/win98/update/245729/w98/en-us/245729us8.exe.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Everything Microsoft Announced at Its Surface Event

    Microsoft showed off its updated and expanded line of Surface devices this week, positioning the new Surface Laptop Studio as its flagship Windows 11 laptop.

  • M&A in Microsoft Channel: Progress Acquires Kemp

    Longtime Microsoft partner Progress Software is acquiring another Microsoft partner in Kemp Technologies.

  • The 2021 Microsoft Product Roadmap

    From Windows 10X to the next generation of Microsoft's application server products, here are the product milestones coming down the pipeline in 2021.

  • Microsoft Says System Center 2022 Will Arrive Early Next Year

    Microsoft is planning to release its new System Center product in the first quarter of 2022, with a private preview arriving within months.