Microsoft Sends Myriad of Updates
Since there is more than one, in fact there are 2 patches, 2 security bulletins, and 2 software updates, I thought I'd just write them all into one big article for you all so you don't have to keep clicking around to find them. Thanks to Win98Central for posting all of these today, and now for the meat of the article.
Patch Available for "Microsoft VM ActiveX Component" Vulnerability
Microsoft has released a patch that eliminates a security vulnerability in Microsoft(r) virtual machine (Microsoft VM). If a malicious web site operator were able to coax a user into visiting his site, the vulnerability could allow him to take any desired action on a visiting user's machine. (go here)
Patch Available for "Cached Web Credentials" Vulnerability
When a user authenticates to a secured web page via Basic Authentication, IE caches the userid and password that were used, in order to minimize the number of times the user must authenticate to the same site. By design, IE should only send the cached credentials to secured pages on the site. However, it will actually send them to non-secure pages on the site as well. If a malicious user had complete control of another user's network communications, he could wait until another user logged onto a secured site, then spoof a request for a non-secured page in order to collect the credentials. (go here)
Microsoft Security Bulletins X2!!
Patch Available for "WebTV for Windows Denial of Service" - Microsoft has released a patch that eliminates a security vulnerability in Microsoft(r) WebTV for Windows. The vulnerability could allow a malicious user to remotely crash systems running WebTV for Windows. (go here)
Patch Available for "Malformed IPX NMPI Packet" Vulnerability - Microsoft has released a patch that eliminates a security vulnerability in Microsoft(r) Windows 95, Windows 98, 98 Second Edition and Windows Me. The vulnerability could be used to cause an affected system to fail, and depending on the number of affected machines on a network, potentially could be used to flood the network with superfluous data. The affected system component normally is present only if it has been deliberately installed. (go here)
Microsoft Virtual Machine for Internet Explorer 5.5
The Microsoft® virtual machine (Microsoft VM) is designed to run on Microsoft® Windows® 95, Microsoft® Windows® 98, Microsoft® Windows® Millennium Edition (Me), Microsoft® Windows NT® 4.0, and Microsoft® Windows® 2000 or later. This version of the Microsoft VM is compatible with Microsoft® Internet Explorer 4.01 and later. For a complete list of updates made to build 3318, view the list of fixes. Important This version of the Microsoft VM (build 3318) includes a fix to the security issue referenced in Microsoft Security Bulletin MS00-075 and previously available for the 3300 series as a separate patch. (go here)
Windows Media Player 7 PowerToys
The Microsoft® Windows Media™ Player 7 team has put together a set of utilities called PowerToys. So what are PowerToys? These are add-ons and other utilities that enhance Windows Media Player 7. We think advanced power users will get as much of a kick out of using our new PowerToys set as our developers did building them. Of course, PowerToys aren't supported, so Microsoft Technical Support won't be able to answer any questions about them. But give them a whirl! (go here)
Phew...that about does it for that. Enjoy the fixes and updates! Visit Win98Central for all kinds of information about security updates and patches.