home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
ftp.microsoft.com
/
2002-07-02_ftp.microsoft.com.zip
/
Reskit
/
win98
/
taskpads
/
readme.txt
Wrap
Text File
|
1999-02-22
|
2KB
|
51 lines
Patch for Tools Management Console's TaskPad Scripting Vulnerability
Affected Software Versions:
╖Microsoft Windows 98 Resource Kit
╖Microsoft Windows 98 Resource Kit Sampler
╖Microsoft BackOffice Resource Kit, second edition
Summary:
Microsoft has released a patch that eliminates a vulnerability in the TaskPads
feature, which is provided as part of Microsoft Resource Kit products for
Windows 95, 98 and Windows NT. The vulnerability could allow a web site to
run executables on the computer of a user who had installed one of the affected
Resource Kits.
A fully supported patch is available to fix this vulnerability, and Microsoft
recommends that affected customers download and install it. When installed the
respective patch will check the system for the vulnerability and repair it. In
addition, a measure will be introduced to prevent accidental reinstallation of the
TaskPads' functionality.
Issue:
The "TaskPads" feature within the Resource KitÆs Tools Management Console Snapin
allows users to view and run Resource Kit Tools via an HTML page rather than from
the standard Large Icon, Small, Icon, List, and Detailed Views. It is included in
several Resource Kit products for Windows 95, 98 and Windows NT, as detailed in
Affected Software Versions. It is not installed by default on Windows 95, 98 or
Windows NT. A vulnerability results because certain methods provided by TaskPads
are incorrectly marked as safe for scripting and can be misused by a web site to
invoke executables on the userÆs workstation.
While there have not been any reports of customers being adversely affected by
these problems, Microsoft is releasing a patch to proactively address this
issue. The patch for this issue works by removing the TaskPads functionality,
which is rarely used. It does not affect any other features of the affected
products.
Installation:
Windows NT 4(Intel/x86 Customers)-Download and Execute "itmcpatch.exe"
Windows NT 4(Alpha/Axp Customers)-Download and Execute "atmcpatch.exe"
Windows 95/98 -Download and Execute "tmcpatch.exe"
Additional Information:
Additional infomation can be found on the World Wide Web at:
http://www.microsoft.com/security/bulletins/ms99-007.asp