News

Microsoft Fixes Windows 95/98 Bug

Microsoft has released a patch that eliminates a vulnerability in Windows 95 and Windows 98 that could allow a malicious Web site or e-mail message to cause the Windows machine to crash or to run arbitrary code.

There is a buffer overflow in the Windows 95 and Windows 98 networking software that processes file name strings. If the networking software were provided with a very long random string as input, it could crash the machine. If provided with a specially malformed argument, it could be used to run arbitrary code on the machine via a classic buffer overrun attack.

The vulnerability could be exploited remotely in cases where a file:// URL or a Universal Naming Convention (UNC) string on a remote Web site included a long file name or where a long file name was included in an e-mail message.

All versions of Windows 95 and Windows 98 are known to be affected. The patch for Windows 95 is available at http://download.microsoft.com/download/win95/update/245729/w95/en-us/245729us5.exe and for Windows 98 at http://download.microsoft.com/download/win98/update/245729/w98/en-us/245729us8.exe.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Feds Takes Action Against Russian Firms for Spying

    The U.S. Department of the Treasury has issued sanctions against Russia and a handful of Russian organizations for spying and other cyberactivities.

  • Microsoft Previews 64-Bit OneDrive Client for Windows 10

    A preview of a 64-bit OneDrive client for x64 Windows 10 systems is now available for work, school or home users.

  • The 2021 Microsoft Product Roadmap

    From Windows 10X to the next generation of Microsoft's application server products, here are the product milestones coming down the pipeline in 2021.

  • Microsoft Adds Data Loss Prevention Alerts to Compliance Toolbox

    The latest part of Microsoft's overall compliance tooling is its Data Loss Prevention Alerts Dashboard, now generally available.