Make your own free website on

Windows 9X Special Interest Group

  Windows 9X SIG Report

by John S. Krill

Welcome to the Windows 9X SIG

The primary purpose of the Windows SIG is to answer questions you have about Windows 9X (Windows 95 and Windows 98.) They can be: problems (software and hardware,) software suggestions (utilities, applications, etc.,) and how-to requests. Or you can just visit and learn about Windows 9X by being there. The meeting is held in Science 130 from 9am to 11am. You can show up and leave at anytime.

Note: Bring a 3.5", 1.4MB floppy. I generally have ZIPed files full of information.

Windows 98 Updates

Microsoft has an automatic online procedure for updating Windows 98. Select Windows Update on the Start button and you will be sent to the Windows 98 Update Web site. Follow their procedures and your system will be checked out. It is your option as to what you want to download and install. Whatever you select to do the update is done remotely and out of your control. So if you have to reload your Windows 98 and will have to go to the Update site and download and install the updates all over again.

e-mail Security Breach

Note: The following message was received from Microsoft.

Microsoft Security Bulletin (MS98-008)

This is a special alert message to registered users of Microsoft Office, Microsoft Outlook 98, Microsoft Internet Explorer version 4.0 or later, and Microsoft Windows 98. We want to inform you of a security issue that affects e-mail packages including Microsoft Outlook 98 and Microsoft Outlook Express versions 4.0 or later. Microsoft has created a fix for this security issue, which can be downloaded from:

This security issue involves how e-mail software handles file attachments with extremely long file names. When users attempt to download, open or launch a file attachment that has a name containing more than a certain number of characters, their action can cause the program to shut down unexpectedly. It is possible - although difficult - for a hacker to cause malicious code to be executed on a computer as a result of this problem. However, this cannot be caused accidentally, and to date we have received no reports of users being affected. More information on this issue can be found at:

Microsoft takes security very seriously, and we know you do as well. Microsoft is committed to ensuring that all its customers enjoy a rich, safe and secure computing experience and developers have been working around the clock to isolate and deal with these issues. Microsoft has provided software patches for both Outlook Express and Outlook 98 at:

We strongly recommend that you download the appropriate patch immediately.

To ensure customer safety with regard to this and other security-related issues, Microsoft is investigating further to uncover variants that the current patch may not block. Microsoft will communicate additional information about this research as it becomes available. You can also visit:

for the latest information and updates, and to register for the Microsoft Security Notification Service.

Additional Security Updates From Microsoft

Microsoft Security Bulletin (MS98-011)

Update available for "Window.External" JScript Vulnerability in Microsoft Internet Explorer 4

Microsoft Internet Explorer 4.0, 4.01 and 4.01 SP1 use the JScript Scripting Engine version 3.1 to process scripts on a web page. When Internet Explorer encounters a web page that uses JScript script to invoke the Window.External function with a very long string, Internet Explorer could terminate.

Long strings do not normally occur in scripts and must be intentionally created by someone with malicious intent. A skilled hacker could use this malicious script message to run arbitrary computer code contained in the long string.

In order for users to be affected by this problem, they must visit a web site that was intentionally designed to include a malicious script. See the "Administrative Workaround" section below for more information.

Microsoft Security Bulletin (MS98-012)

Updates available for Security Vulnerabilities in Microsoft PPTP

Microsoft has released a set of patches that fix several security issues with implementations of the Point-to-Point Tunneling Protocol (PPTP) used in Microsoft Virtual Private Networking (VPN) products. Customers using affected software listed below to secure communcations over a public network (i.e. the Internet) should download and apply these patches as soon as possible.

Windows 98 Users Download the patch from:

Strong Encryption Versions (128-bit)

Customers in the United States and Canada can download the strong encryption versions of these updates from:

Microsoft Security Bulletin (MS98-013)

Fix available for Internet Explorer Cross Frame Navigate Vulnerability

Microsoft has released a patch that fixes a recently discovered issue with the implementation of cross frame security in Microsoft Internet Explorer. Customers using affected software listed below should download and apply these patches as soon as possible.

Internet Explorer 4

Customers using versions of Internet Explorer listed in the "Affected Products" section can obtain the patch from the Internet Explorer Security web site,

Windows 98

Windows 98 customers can get the updated patch using the Windows Update. To obtain this patch using Windows Update, launch Windows Update from the Windows Start Menu and click "Product Updates." When prompted, select 'Yes' to allow Windows Update to determine whether this patch and other updates are needed by your computer. If your computer does need this patch, you will find it listed under the "Critical Updates" section of the page.

Internet Explorer 3 Users

Users of Internet Explorer 3 should first upgrade to the latest version of Internet Explorer 4 and then obtain the patch. Information on updating to Internet Explorer 4 can be found from the Internet Explorer download site