Microsoft announced that they will not provide a patch for Windows 98 and ME for MS06-015 "Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531)". The choice appears to be related to the amount of effort needed to patch the problem and the fact that those Operating systems reach the end of their lifecycle on June 11th.
The suggested workaround is blocking incoming traffic to TCP port 139 on any unpatched systems. This should at best be a temporary step; unsupported operating systems are a greater liability than supported ones.
Many thanks to everyone that sent us a pointer to this story.
More details can be found at:
Jun 9th 2006
1 decade ago