THE OFFICIAL BLOG OF THE SBS DIVA

Recently Microsoft changed it's support policy for the Windows 98 and
Windows ME operating systems, extending support for these platforms
until the year 2006.  The indications in the press was that this was to
assist the emerging countries and other marketplaces.  This also assists
my marketspace, the Small Business environment.  I'm a Microsoft Small
Business Server MVP and in our marketspace we still support a great deal
of Windows 98 and ME computers.

I was dismayed to find that there is a Security patch needed for Windows
98 and ME computers [Security bulletin 04-007, KB 828028] but there is
no information whatsoever on any Microsoft web site to let me and my
community know that these patches are needed and must be called for.

I have no Premier support service, no contract, no TAMS contact.  I have
no way to know that I and my community is at risk.

You and other Microsoft executives have touted the SDcubed+C.  "secure
by design, default, and deployment, plus communications"  
Communications.  That's the minimum that I need., that I'm asking from
you today.

Yes, I know that it would be wise to get people on the XP platform.  I'm
very much looking forward to SP2 on XP.  I indeed advocate that.  But in
the time being, help me, give me the tools to help my community patch
what they have.

At a minimum put the information about 98 and ME in the security
bulletins.  Let me and my community know that patches are needed for
these operating systems.

Preferably continue to provide these to Windows Update channels.

Steve Ballmer says on the Trustworthy computing page "We know it's not
enough to just do the right things; we have to do them in the right way"
http://www.microsoft.com/mscorp/legal/buscond/

Continue to produce tools to help me protect my community in the future,
but give me the information that I need today to protect my community
now.

Put information about Windows 98 and ME Security patches on the related
Security bulletin pages.

Sincerely,
Susan Bradley
CPA, CITP, GSEC, MCP
Member, Center for Internet Security
Microsoft Most Valuable Professional
Small Business Server/Security


------------------------------------------------------------------------
http://isc.incidents.org/diary.html?date=2004-02-22

"Windows 98 ASN.1 Patch
Readers reported to our handlers team that Microsoft is distributing a
patch for the ASN.1 issue to Windows 98 users per request. If you are
running Windows 98, contact your Microsoft representative for the
location of the patch.

As reported earlier, the ASN.1 advisory MS04-007 only covers newer
versions of Windows. Windows 98 is however still vulnerable.

Workaround: you may want to consider renaming or removing msasn1.dll. 
However, please test this fix carefully as it may break some software.

Careful! Do not trust any patches sent via e-mail. "

--------------------
I can confirm that if you call MS PSS, option 3 for hotfixes and ask for
hotfix for Windows 98 and Windows ME for KB 828028 you can easily get
them FOR FREE.

US (800) 936-4900 or UK (0870) 60 10 100 other numbers through
http://support.microsoft.com/common/international.aspx?gssnb=1

If you have Windows 98/Me machines, either call that number or contact
your support/TAM account representative.