This is always the story that I look for to probve that support is over for a Microsoft operating system. As you may remember Microsoft continued patching Windows NT long after they said they would stop because they had so many corporate users running their servers on that platform. This time around most businesses are running either Windows 2000 pro or Windows XP as desktops and the server side is still Windows 2000 or Windows 2003, I would be horrified to hear of many businesses running critical apps on a Windows 98 desktop box.
Microsoft Corp. has defended its decision not to patch a critical security flaw in Windows 98.
Support for the operating system officially ends next month on July 12.
The vulnerability exists in Windows Explorer and the way it handles Component Object Model objects, whereby a malicious Web site could force a connection to a remote server where Explorer could fail, executing arbitrary code and giving the attacker complete control of the OS.
Patches correcting the flaw were issued for Windows 2000, XP and Windows Server 2003, but the vulnerability remains unpatched on Windows 98.
Christopher Budd, Microsoft Response Center security program manager, said the upgrades to Explorer’s architecture since Windows 2000 has left 98 behind and applying fundamental changes could jeopardize program compatibility.
“Due to these fundamental differences, these changes would require re-engineering a significant amount of a critical core component of the operating system,” Budd said.
“After such a re-engineering effort, there would be no assurance that applications designed to run on these platforms would continue to operate on the updated system.”
“After extensive investigation, Microsoft has found that it is not feasible to make the extensive changes necessary…to eliminate the vulnerability,” it states.