Microsoft Patches Windows 98, ME Flaws

Two previously released bulletins have been updated to add security fixes for Windows 98, 98SE and ME users.

Its not such a quiet patch day for users of Microsoft Corp.s older operating systems.

The software giant on Tuesday updated two previously released bulletins to add critical security fixes for customers running Windows 98, 98SE and ME.

The decision to release patches for Windows 98 and ME users is described as a "bonus" because of the critical nature of the vulnerabilities being addressed, a Microsoft spokeswoman said. "Those products are out of lifecycle, but we made a commitment to provide critical updates, and thats what youre seeing."

She said priority was given to rolling out patches for supported products. "After further testing on the out-of-lifecycle platforms, we updated the advisories."

The patches cover two remote code execution vulnerabilities.

The first, MS05-002, fixes a hole in the cursor and icon format handling feature that could open the door for an attacker to take complete control of an affected system.

/zimages/4/28571.gifClick here to read more about Microsofts announcement that there would be no new security advisories this month.

Microsoft also added patches to MS05-015 to protect users against a remote code execution vulnerability in the Hyperlink Object Library.

Original versions of the advisories were released during the January and February patching cycles.

/zimages/4/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.