Make your own free website on Tripod.com

Microsoft Security Bulletins

Windows Assistance

Go To
Home
Windows XP
Virus Info Center
Windows Web Sites
Books
Tips From The Past
Searching For
Commentary
Microsoft Security Bulletins
eMail
About This Site
Search Me


Advanced Search

Search The Web


Advanced Search

 

More Bulletins:

Year 2003 Security Bulletins
Year 2002 Security Bulletins
Year 2001 Security Bulletins 
Year 2000 Security Bulletins 
Year 1999 Security Bulletins 

What's Listed

Only Official Microsoft Security Bulletins that apply to Windows 98/Me and any applets that are included with the operating system (Media Player, Internet Explorer, Outlook Express, etc.) 

This is not a complete list. You should also go to the Windows Update site at Microsoft and also visit the Security pages at Microsoft.

Be sure to read the Microsoft Terms of Use.


Microsoft Security Bulletin (MS98-020)

Patch Available for "Frame Spoof" Vulnerability

Microsoft has released a patch that fixes a vulnerability in Microsoft(r) Internet Explorer(r)  that could allow a malicious web site operator to impersonate a window on a legitimate web site. The threat posed by this vulnerability is that the bogus window could collect information from the user and send it back to the malicious site.

Affected Software Versions

 - Microsoft Internet Explorer versions 3.X, 4.0, 4.01, 4.01 Service Pack 1 for Windows 95
 - Microsoft Internet Explorer versions 4.01 Service Pack 1 for Windows 98
 - Microsoft Internet Explorer versions 3.X, 4.0, 4.01, 4.01 Service Pack 1 for Windows NT4.0
 - Microsoft Internet Explorer versions 3.X, 4.0, 4.01 for Windows 3.1
 - Microsoft Internet Explorer versions 3.X, 4.0, 4.01 for Windows NT 3.51
 - Microsoft Internet Explorer versions 3.X, 4.X for Macintosh
 - Microsoft Internet Explorer version 4 for UNIX on HPUX
 - Microsoft Internet Explorer version 4 for UNIX on Sun Solaris


Microsoft Security Bulletin (MS98-019)

xxx

Software:

  • Internet Explorer

Impact:

  • Two vulnerabilities, the most serious of which would allow script to run in the Local Computer Zone.

Maxium Risk:

  • Critical

Microsoft Security Bulletin (MS98-018)

Patch Available for Excel "CALL Vulnerability"

Microsoft has released a patch that fixes a vulnerability in Microsoft (r) Excel (r) that could allow certain types of executables to be run without a warning to the user. A legitimate Excel function, CALL, allows executables to be run from a worksheet. If the executable called by the function is of a malicious nature, a worksheet containing this function could represent a security risk to customers.

Affected Software Versions

 - Microsoft Excel 97


Microsoft Security Bulletin (MS98-017)

xxx

Software:

  • Internet Explorer

Impact:

  • Two vulnerabilities, the most serious of which would allow script to run in the Local Computer Zone.

Maxium Risk:

  • Critical

Microsoft Security Bulletin (MS98-016)

Update available for "Dotless IP Address" Issue in Microsoft Internet Explorer 4

Microsoft has released a patch that fixes a vulnerability in the way Internet Explorer 4 determines what security zone a target server is in. By exploiting this vulnerability, a malicious hacker could misrepresent the URL of their website, causing the site to be treated as it if were located on an intranet by Internet Explorer's Security Zones feature.

Affected Software Versions

 - Microsoft Internet Explorer 4.0, 4.01 and 4.01 SP1 on Windows NT 4.0, Windows 95
 - Microsoft Windows 98, with integrated Internet Explorer
 - Microsoft Internet Explorer 4.0 and 4.01 for Windows 3.1and Windows NT 3.51
 - Microsoft Internet Explorer 4.01 for UNIX

This vulnerability does not affect Internet Explorer 3.
This vulnerability does not affect Internet Explorer 4 for the Macintosh.


Microsoft Security Bulletin (MS98-015)

Update available for "Untrusted Scripted Paste" Issue in Microsoft (r) Internet Explorer (r) 4.01

On November 18th Microsoft released an updated version of the patch for  the "Untrusted Scripted Paste" vulnerability. This vulnerability, also  known as the "Cuartango" vulnerability, could enable a malicious web  site operator to use scripted paste operations to read a file that  resides in a known location on a user's system. The updated patch fixes  the original vulnerability as well as a newly-discovered variant.

Affected Software Versions

 - Microsoft Internet Explorer 4.01 and 4.01 SP1
   on Windows NT (r) 4.0, Windows (r) 95
 - Microsoft Windows 98, with integrated Internet Explorer
 - Microsoft Internet Explorer 4.01 for Windows 3.1 and Windows NT 3.51


Microsoft Security Bulletin (MS98-014)

xxx

Software:

  • Internet Explorer

Impact:

  • Two vulnerabilities, the most serious of which would allow script to run in the Local Computer Zone.

Maxium Risk:

  • Critical

Microsoft Security Bulletin (MS98-013)

Fix available for Internet Explorer Cross Frame Navigate Vulnerability

Microsoft has released a patch that fixes a recently discovered issue with the implementation of cross frame security in Microsoft Internet Explorer. Customers using affected software listed below should download and apply these patches as soon as possible.

Affected Software Versions

The following software is affected by this vulnerability:
 - Microsoft Internet Explorer 4.0, 4.01 and 4.01 SP1 on Windows NT 4.0, Windows 95
 - Microsoft Windows 98, with integrated Internet Explorer (version 4.01 SP1)
 - Microsoft Internet Explorer 4.0 and 4.01 for Windows 3.1 and Windows NT 3.51
 - Microsoft Internet Explorer 4.0 and 4.01 for Macintosh
 - Microsoft Internet Explorer 3.x


Microsoft Security Bulletin (MS98-012)

Updates available for Security Vulnerabilities in Microsoft PPTP

Microsoft has released a set of patches that fix several security issues with implementations of the Point-to-Point Tunneling Protocol (PPTP) used in Microsoft Virtual Private Networking (VPN) products. Customers using affected software listed below to secure communcations over a public network (i.e. the Internet) should download and apply these patches as soon as possible.

Affected Software Versions

The following software is affected by this vulnerability:
 - Microsoft Dialup Networking 1.2x and earlier on Windows 95
 - Microsoft Remote Access Services on Windows NT 4.0 (both client and server)
 - Microsoft Routing and Remote Access Services on Windows NT Server 4.0
 - Microsoft Windows 98 Dialup Networking


Microsoft Security Bulletin (MS98-011)

Update available for "Window.External" JScript Vulnerability in Microsoft Internet Explorer 4

Recently Microsoft was notified by Georgi Guninski and NTBugTraq (http://ntbugtraq.ntadvice.com) of a security issue affecting the way Microsoft Internet Explorer 4.0, 4.01 and 4.01 SP1 handles JScript scripts downloaded from web sites.

Affected Software Versions

The following software is affected by this vulnerability:
 - Microsoft Internet Explorer 4.0, 4.01, 4.01 SP1 on Windows 95 and Windows NT 4.0
 - Microsoft Windows 98

Internet Explorer 4 for Windows 3.1, Windows NT 3.51, Macintosh and UNIX (Solaris) are not affected by this problem. Internet Explorer 3.x is not affected by this problem.


Microsoft Security Bulletin (MS98-010)

Information on the BackOrifice Program

On July 21, a self-described hacker group known as the Cult of the Dead Cow released a tool called BackOrifice, and suggested that Windows users were at risk from unauthorized attacks. Microsoft takes security seriously, and has issued this bulletin to advise customers that Windows 95(r) and Windows 98(r) users following safe computing practices are not at risk and Windows NT(r) users are not threatened in any way by this tool.


Microsoft Security Bulletin (MS98-009)

xxx

Software:

  • Internet Explorer

Impact:

  • Two vulnerabilities, the most serious of which would allow script to run in the Local Computer Zone.

Maxium Risk:

  • Critical

Microsoft Security Bulletin (MS98-008)

Long Filename Attachment Vulnerability affecting Microsoft (R) Outlook (TM) 98 and Microsoft Outlook Express 4.x

Recently Microsoft was notified by AUSCERT (http://www.auscert.org.au), OUSPG (http://www.oulu.fi/Welcome.html) and NTBugtraq (http://ntbugtraq.ntadvice.com) of a security vulnerability affecting the way Microsoft email clients handle file attachments with extremely long file names.

Affected Software Versions

 - Outlook 98 on Windows (R) 95, Windows 98 and Microsoft Windows NT (R) 4.0
 - Outlook Express 4.0, 4.01 (including Outlook Express 4.01 with Service Pack 1) on Windows 95, Windows 98 and Windows NT 4.0
 - Outlook Express 4.01 on Solaris
 - Outlook Express 4.01 on the Macintosh


 

Microsoft Security Bulletin (MS98-007)

xxx

Software:

  • Internet Explorer

Impact:

  • Two vulnerabilities, the most serious of which would allow script to run in the Local Computer Zone.

Maxium Risk:

  • Critical

 

Microsoft Security Bulletin (MS98-006)

xxx

Software:

  • Internet Explorer

Impact:

  • Two vulnerabilities, the most serious of which would allow script to run in the Local Computer Zone.

Maxium Risk:

  • Critical

 

Microsoft Security Bulletin (MS98-005)

xxx

Software:

  • Internet Explorer

Impact:

  • Two vulnerabilities, the most serious of which would allow script to run in the Local Computer Zone.

Maxium Risk:

  • Critical

 

Microsoft Security Bulletin (MS98-004)

xxx

Software:

  • Internet Explorer

Impact:

  • Two vulnerabilities, the most serious of which would allow script to run in the Local Computer Zone.

Maxium Risk:

  • Critical

 

Microsoft Security Bulletin (MS98-003)

28 March 2002 Cumulative Patch for Internet Explorer

Software:

  • Internet Explorer

Impact:

  • Two vulnerabilities, the most serious of which would allow script to run in the Local Computer Zone.

Maxium Risk:

  • Critical

Microsoft Security Bulletin (MS98-002)

xxx

  • Internet Explorer

Impact:

  • Two vulnerabilities, the most serious of which would allow script to run in the Local Computer Zone.

Maxium Risk:

  • Critical

Microsoft Security Bulletin (MS98-001)

xxx

Software:

  • Internet Explorer

Impact:

  • Two vulnerabilities, the most serious of which would allow script to run in the Local Computer Zone.

Maxium Risk:

  • Critical

Year 2003 Security Bulletins
Year 2002 Security Bulletins
Year 2001 Security Bulletins
 
Year 2000 Security Bulletins 
Year 1999 Security Bulletins 


Microsoft Terms of Use

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT  DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR  PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS  SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF  LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

(c) 2000 Microsoft Corporation. All rights reserved. Terms of use.