News

Microsoft Fixes Windows 95/98 Bug

Microsoft has released a patch that eliminates a vulnerability in Windows 95 and Windows 98 that could allow a malicious Web site or e-mail message to cause the Windows machine to crash or to run arbitrary code.

There is a buffer overflow in the Windows 95 and Windows 98 networking software that processes file name strings. If the networking software were provided with a very long random string as input, it could crash the machine. If provided with a specially malformed argument, it could be used to run arbitrary code on the machine via a classic buffer overrun attack.

The vulnerability could be exploited remotely in cases where a file:// URL or a Universal Naming Convention (UNC) string on a remote Web site included a long file name or where a long file name was included in an e-mail message.

All versions of Windows 95 and Windows 98 are known to be affected. The patch for Windows 95 is available at http://download.microsoft.com/download/win95/update/245729/w95/en-us/245729us5.exe and for Windows 98 at http://download.microsoft.com/download/win98/update/245729/w98/en-us/245729us8.exe.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Nvidia Buys Chip Maker Arm for $40 Billion

    Nvidia has entered into a "definitive agreement" to acquire U.K.-based chip design company Arm Ltd. from the SoftBank Group in a stock-and-cash deal valued at $40 billion.

  • The 2020 Microsoft Product Roadmap

    From the next major update to Windows 10 to the next generations of .NET and PowerShell, here's what's on tap from Microsoft this year.

  • Oracle, Not Microsoft, Wins TikTok Buyout Bid

    Oracle's proposal to acquire TikTok's U.S. social media operations emerged victorious over the weekend, putting an end to Microsoft's competing buyout bid.

  • Microsoft Making Progress on Windows Virtual Desktop

    A recent "Desktops in the Cloud" podcast chat gives some insight into Microsoft's progress on its Windows Virtual Desktop (WVD) service.