From: "Rich Gauszka" 

This is a multi-part message in MIME format.

------=_NextPart_000_0044_01C68C1D.5B20BC10
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

In April Microsoft pledged that it would patch the vulnerability =
(MS06-015) for 98 and ME. Now in June they've added the little pledge =
breaking revision at the bottom with the excuse to publications that it =
was too hard to fix. The new Microsoft motto? - Security is our motto =
unless it's too hard to fix

http://www.microsoft.com/technet/security/Bulletin/MS06-015.mspx
V2.1 (June 8, 2006): Bulletin revised: FAQ Section updated to notify =
customers that a security update will not be shipped for Microsoft =
Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft =
Windows Millennium Edition (ME).
=20
  "Rich"  wrote in message news:448a35bd{at}w3.nls.net...
     The article's author's statement is garbage and not supported by =
the supposed quote or by the published Microsoft bulletin.  If you want =
accurate information, look to the bulletin at the URL I provided.

  Rich

    "Rich Gauszka"  wrote in message =
news:448a2d7b{at}w3.nls.net...
    My original subject line said  "Are W2k Explorer users toast =
security wise?" . Do you disagree with Christopher Budd or do you
think = he was misquoted by pcworld about 2k and it's security
vulnerability and = the extensive reengineering of a critical core
components that would be = needed?
    It's the 'extensive reengineering' quote that got my attention

    I would bet a good many people that have home networks have port 139 =
open for file and print sharing. Just issuing a blurb to close it seems = a
bit pointless. I also doubt any of those people that are on 98 will =
invest in a perimeter firewall.=20

    I would say they are all zombie/trojan candidates but I can't talk =
about them anymore as I am inficted with the wga 'phone home' trojan=20

     =20
      "Rich"  wrote in message news:448a28f2$1{at}w3.nls.net...
         What nonsense!  Windows 2000 was updated in the original =
release of =
http://www.microsoft.com/technet/security/bulletin/MS06-015.mspx.  =
Windows 9x is not being updated.  From the bulletin

        If Microsoft Windows 98, Microsoft Windows 98 Second Edition =
(SE), and Microsoft Windows Millennium Edition (ME) are listed as an =
affected product, why is Microsoft not issuing security updates for = them?
        During the development of Windows 2000, significant enhancements =
were made to the underlying architecture of Windows Explorer. The =
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and =
Microsoft Windows Millennium Edition (ME) Windows Explorer architecture =
is much less robust than the more recent Windows architectures. Due to =
these fundamental differences, after extensive investigation, Microsoft =
has found that it is not feasible to make the extensive changes = necessary
to Windows Explorer on Microsoft Windows 98, Microsoft Windows = 98 Second
Edition (SE), and Microsoft Windows Millennium Edition (ME) to = eliminate
the vulnerability. To do so would require reengineer a = significant amount
of a critical core component of the operating system. = After such a
reengineering effort, there would be no assurance that = applications
designed to run on these platforms would continue to = operate on the
updated system.

        Microsoft strongly recommends that customers still using =
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and =
Microsoft Windows Millennium Edition (ME) protect those systems by =
placing them behind a perimeter firewall which is filtering traffic on =
TCP Port 139. Such a firewall will block attacks attempting to exploit =
this vulnerability from outside of the firewall, as discussed in the =
workarounds section below.

      Rich

        "Rich Gauszka"  wrote in message =
news:4489d02a{at}w3.nls.net...

        http://news.yahoo.com/s/pcworld/20060609/tc_pcworld/126041
        Microsoft said it wasn't feasible to make extensive changes to =
Windows=20
        Explorer to eliminate a security vulnerability since the =
underlying=20
        architecture of Windows 2000 is much less robust, wrote =
Christopher Budd, a=20
        program manager with Microsoft's security response center.


        "Due to these fundamental differences, these changes would =
require=20
        reengineering a significant amount of a critical core component =
of the=20
        operating system," Budd said.


        As a result, applications may not run on the updated system, he =
said.


------=_NextPart_000_0044_01C68C1D.5B20BC10
Content-Type: text/html;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable








In April Microsoft pledged that it =
would patch the=20
vulnerability (MS06-015) for 98 and ME. Now in June they've added the = little=20
pledge breaking revision at the bottom with the excuse to =
publications that=20
it was too hard to fix. The new Microsoft motto? - Security is our motto =

unless it's too hard to fix
 
http://www.microsoft.com/technet/security/Bulletin/MS06-015.mspx"=
>http://www.microsoft.com/technet/security/Bulletin/MS06-015.mspx=
NT>
V2.1 (June 8, 2006): Bulletin revised: =
FAQ Section=20
updated to notify customers that a security update will not be shipped = for=20
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and = Microsoft=20
Windows Millennium Edition (ME).
 

  "Rich" <{at}> wrote in message news:448a35bd{at}w3.nls.net...
     The
article's author's =
statement is=20
  garbage and not supported by the supposed quote or by the published =
Microsoft=20
  bulletin.  If you want accurate information, look to =
the bulletin at=20
  the URL I provided.
   
  Rich
   
  

    "Rich Gauszka" <gauszka{at}hotmail.com>">mailto:gauszka{at}hotmail.com">gauszka{at}hotmail.com>
=
wrote in=20
    message news:448a2d7b{at}w3.nls.net...
    My original subject line
said  =
"Are W2k Explorer users toast security
wise?" . =
Do you=20
    disagree with Christopher Budd or do you think he was misquoted =
by=20
    pcworld about 2k and it's security vulnerability and the extensive =
reengineering of a critical =
core=20
    components that would be needed?
    It's the 'extensive reengineering' quote that got my =
attention
     
    I would bet a good many
people that =
have home=20
    networks have port 139 open for file and print sharing. Just =
issuing a=20
    blurb to close it seems a bit pointless. I also doubt any of those =
people=20
    that are on 98 will invest in a perimeter firewall. 
     
    I would say they are all =
zombie/trojan=20
    candidates but I can't talk about them anymore as I am inficted with =
the wga=20
    'phone home' trojan 
     
      
    

      "Rich" <{at}> wrote in message news:448a28f2$1{at}w3.nls.net...
        
What nonsense!  =
Windows=20
      2000 was updated in the original release of http://www.microsoft.com/technet/security/bulletin/MS06-015.mspx"=
>.&nb" target="new">http://www.microsoft.com/technet/security/bulletin/MS06-015.mspx.&nb=
sp;=20
      Windows 9x is not being updated.  From the =
bulletin
       
      
        If Microsoft Windows 98, Microsoft Windows 98 =
Second=20
        Edition (SE), and Microsoft Windows Millennium Edition (ME) are =
listed=20
        as an affected product, why is Microsoft not issuing security =
updates=20
        for them?During the development of Windows 2000,=20
        significant enhancements were made to the underlying =
architecture of=20
        Windows Explorer. The Microsoft Windows 98, Microsoft Windows 98 =
Second=20
        Edition (SE), and Microsoft Windows Millennium Edition (ME) =
Windows=20
        Explorer architecture is much less robust than the more recent =
Windows=20
        architectures. Due to these fundamental differences, after =
extensive=20
        investigation, Microsoft has found that it is not feasible to =
make the=20
        extensive changes necessary to Windows Explorer on Microsoft =
Windows 98,=20
        Microsoft Windows 98 Second Edition (SE), and Microsoft Windows=20
        Millennium Edition (ME) to eliminate the vulnerability. To do so =
would=20
        require reengineer a significant amount of a critical core =
component of=20
        the operating system. After such a reengineering effort, there =
would be=20
        no assurance that applications designed to run on these =
platforms would=20
        continue to operate on the updated system.Microsoft =
strongly=20
        recommends that customers still using Microsoft Windows 98, =
Microsoft=20
        Windows 98 Second Edition (SE), and Microsoft Windows Millennium =
Edition=20
        (ME) protect those systems by placing them behind a perimeter =
firewall=20
        which is filtering traffic on TCP Port 139. Such a firewall will =
block=20
        attacks attempting to exploit this vulnerability from outside of =
the=20
        firewall, as discussed in the workarounds section=20
below.
       
      Rich
       
      
        "Rich Gauszka" <gauszka{at}hotmail.com>">mailto:gauszka{at}hotmail.com">gauszka{at}hotmail.com>
=
wrote in=20
        message news:4489d02a{at}w3.nls.net...http:=">http://news.yahoo.com/s/pcworld/20060609/tc_pcworld/126041">http:=
//news.yahoo.com/s/pcworld/20060609/tc_pcworld/126041Microsoft=20
        said it wasn't feasible to make extensive changes to Windows=20
        Explorer to eliminate a security vulnerability since the =
underlying=20
        architecture of Windows 2000 is much less robust, wrote =
Christopher=20
        Budd, a program manager with Microsoft's security response=20
        center."Due to these fundamental
differences, these =
changes=20
        would require reengineering a significant amount of a =
critical core=20
        component of the operating system," Budd
said.As =
a=20
        result, applications may not run on the updated system, he=20
      =
said.<=
/HTML>

------=_NextPart_000_0044_01C68C1D.5B20BC10--

--- BBBS/NT v4.01 Flag-5