unpatched Critical vulnerabilities in Win 98 98SE?

In regards to 5-002 this following may put you somewhat at ease and do not
worry because usually bad people are able to use code in patches in order to
exploit unpatched systems. It is unlikely that the following will be a
problem until Microsoft releases fixes for it via Windows Update.

First you would have to go to a bad website:

In a Web-based attack scenario, an attacker would have to host a Web site
that contains a Web page that is used to exploit this vulnerability. An
attacker could also attempt to compromise a Web site to have it serve up a
Web page with malicious content attempting to exploit this vulnerability. An
attacker would have no way to force users to visit a Web site. Instead, an
attacker would have to persuade them to visit the Web site, typically by
getting them to click a link that takes them to the attacker's site or a site
compromised by the attacker.

Second Microsoft suggests reading e-mail in plain text and blocking html
code from loading which I do as a precaution

Third Microsoft says this:

When this security bulletin was issued, had Microsoft received any reports
that this vulnerability was being exploited?
No. Microsoft had seen examples of proof of concept code published publicly
but had not received any information indicating that this vulnerability had
been publicly used to attack customers when this security bulletin was
originally issued.

Okay next for 5-015 here is some info.:

In a Web-based attack scenario, an attacker would have to host a Web site
that contains a Web page that is used to exploit this vulnerability. An
attacker could also attempt to compromise a Web site to have it display a Web
page with malicious content. An attacker would have no way to force users to
click on the malicious link. After they click the link, they would be
prompted to perform several actions. An attack could only occur after they
performed these actions.

Same thing make sure you block html in e-mail and read all e-mail in plain
text. I would not even suggest opening e-mail from people unknown

Also, consider using 128 bit encryption or greater when starting your e-mail
account

In addition, considering using a browser such as Mozilla Firefox which is
less likely to be attacked since it does not have Active X.

Finally, do not worry because Microsoft will eventually come out with a patch
and there have been no succesful documented attacks using these
vulnerabilities so far. If you are really paranoid you could always switch
to Linux or use an Apple computer. I hope this puts you at ease and have an
awesome day. Grateful thanks to Microsoft for information provided







"Vince" wrote in message
...
: As near as I can tell there are at least two unpatched vulnerabilities
: that MS has determined to be critical, but it appears there are no
: security updates currently available.
:
: http://www.microsoft.com/technet/security/bulletin/ms05-002.mspx
: Are Windows 98, Windows 98 Second Edition, or Windows Millennium
: Edition critically affected by any of the vulnerabilities that are
: addressed in this security bulletin?
: Yes. Windows 98, Windows 98 Second Edition, and Windows Millennium
: Edition are critically affected by this vulnerability. Critical
: security updates for these platforms will not be available
: concurrently with the other security updates provided as part of this
: security bulletin. They will be made available as soon as possible
: following the release. When these security updates are available, you
: will be able to download them only from the Windows Update Web site.
: For more information about severity ratings, visit the following Web
: site.
:
: http://www.microsoft.com/technet/security/bulletin/ms05-015.mspx
: Are Windows 98, Windows 98 Second Edition, or Windows Millennium
: Edition critically affected by one or more of the vulnerabilities that
: are addressed in this security bulletin?
: Yes. Windows 98, Windows 98 Second Edition, and Windows Millennium
: Edition are critically affected by this vulnerability. Critical
: security updates for these platforms may not be available concurrently
: with the other security updates provided as part of this security
: bulletin. They will be made available as soon as possible following
: the release. When these security updates are available, you will be
: able to download them only from the Windows Update Web site. For more
: information about severity ratings, visit the following Web site.
:
:
: Am I reading these things right? There are critical vulnerabilities
: in Windows 98(SE), but no patches are available? If so, is there any
: indication from Microsoft if or when they will have security updates
: available via Windows Update?