Windows
UpdatesWindows is under constant development and refinement. Periodically, Microsoft releases hotfixes and service packs ( really cumulative hotfixes ! ), which are designed to improve the performance of existing installations, or eliminate some known vulnerability with either the operating system or applications which are installed in the windows environment. We have assembled and tested some of these patches. In most cases, the installation amounts to applying a self expanding file, which invariably will prompt the user to restart windows. Almost all of the updates will on completion, increment the version release of either specific files or the affected application. As a result, altering certain windows components, or reinstalling a patched application, will return the installation to the older file versions. In this case, the patches must be reinstalled. As a precaution, you should always backup your data files before applying any major updates. Microsoft is usually quick to point out that while their patches have been regression tested, they may not perform the same way in every situation.
Year 2000 Updates
The year 2000 problem is both a hardware and software problem and contrary to popular belief, does not start or end with January 1, 2000. Although now a very prominent issue, Y2k is by no means new. The problem began because at that time, data storage was very valuable. By asking software developers to conserve two bytes per record (for example the "19"of 1975), organizations were able save millions of dollars. In addition, programmers and hardware vendors didn't expect that the products they were developing would still be in use 20 or 30 years later. Apart from this, the way date entry is performed still shows a strong habit towards using 2-digits or some other shortened form of date information. The result is that in some cases, even recently released software is vulnerable to y2k issues.
Date information is handled in three areas, the system BIOS (basic input-output system), the RTC (real time clock) and the operating system. A key part of understanding how Y2K issues will affect you, is knowing what your PC's RTC/BIOS will do as it performs Power On Self Tests (POST) and how your operating system will respond after the rollover. The RTC chip is battery powered to ensure it can keep time even when the PC is turned off. It typically contains seven registers that store time and date values: seconds, minutes, hours, days, months, and years. Six of these registers are updated automatically. The year register stores only the last two digits– "99" in 1999 or "00" in 2000. A seventh one, called the century register, stores the first two digits of the 4-digit year. The century register reads either "19" in 1999 or "20" in 2000 and is not updated automatically. It will change only if updated by either the BIOS or the operating system. In older PCs, the BIOS software may not roll over automatically to 2000. An easy workaround for Windows users is to reset the date in Control Panel. The machine's BIOS and operating system should then maintain the date properly. In some case, BIOS Setup may simply refuse to accept dates after 12/31/1999, or dates within specific date ranges. In a nutshell, Y2K is the result of using only 2 digits to represent a four-digit year, the failure of some systems progress automatically into next century, and problems handling leap years and certain dates (e.g February 29 ). Also, some applications capture date information from date codes built in or directly from the RTC rather than the operating system. .
The core of the Windows operating system is compliant. However, there are compliance issues with a small subset of functions. Windows operating systems will also insulate applications from most, though not all, Year 2000 rollover issues. When the Windows NT operating system starts up, it directly accesses the RTC memory and uses its time and date values to set the system time and date. Whenever Windows NT reads dates between 1900 and 1919 in the RTC it adds 100 to the year. In effect, it maps the time period forward to 2000 – 2019. Windows NT does not add 100 to dates between 1920 and 1999. Logic built into the Windows 98 operating system will automatically set the date forward at boot time if the BIOS does not roll over the RTC to 2000. However, the system does not automatically compensate for BIOSes that change valid dates. In most cases, users should be able to address common rollover errors by resetting the date in Control Panel or by using the DATE command in MS-DOS. Windows 95, Windows 98 and Windows NT version 4.0 are compliant after the recommended action is taken.
The impact of the Y2K problem is difficult to quantify. In some cases, a failure is obvious. For example, a non-compliant order entry application might not allow any orders to be entered after the year 2000 if it treats 00 as an invalid number. A partial breakdown, which might be more common, is a more difficult to recognize and a result, can have farther-reaching consequences than a complete system failure. In cases of financial transactions, a calculation error may produce results which the user assumes are correct, that will quickly snowballs. It becomes incumbent upon the operator of that application to recognize that there has been miscalculation. A large number of automated systems have embedded microprocessors that handle date information and could be affected by Y2K problems. Microprocessors embedded within components of transportation systems, manufacturing facilities, security systems, networks, telephone systems, or power grids, may be dependent on date-related information. For example, a business phone system may experience subtle problems in some subset of its features. In most cases, a dial tone will still be available and the phone may seem to function normally. The problem may occur with the reports that detail call duration and time. For organizations that use this information for billing and/or tracking, a problematic report presents an immediate problem for automated billing. In this event, the best approach is to make contingency plans and secure all date-sensitive data.
cu1 Windows 98 Year 2000 Update | File Name: y2k.exe | 1.22 mb
This component is part of the Windows 98 Customer Service Pack. This update corrects
several minor issues associated with generating dates after January 1, 2000. They include
the display of leap year calculations in some circumstances, handling of some date/time
settings, and incorrect logging of on-line calling. The updated components include
regional settings, phone dialer, the date/time applet and wordpad. This update is also
included with Internet Explorer Service Pack 2.
Affected: Windows 98. Details
cu2 Windows 98 Year 2000 Update 2 | File Name: y2kw98-2.exe | 636 kb
This component is part of the Windows 98 Customer Service Pack. This new update corrects
some minor issues associated with generating dates after January 1, 2000 discovered after
the first year2000 update. It does not include previously identified issues, included in
Windows 98 Year 2000 Update, and must be installed after that update.
Affected Products: Windows 98, Windows 98 Second Edition Details
cu3 Windows95 Year 2000
Update | File Name: w95y2k.exe | 2,227 kb
This update corrects several issues associated with generating dates after
January 1, 2000 in Windows 95. Components affected include the windows file manager,
date/time applet in the control panel, phone dialer, DHCP implementation and windows
"command.com". This update can be applied only to Windows 95.
Affected: All versions of Windows 95 Details
cu4 Internet Explorer 4.0 Service Pack 2 | File Name: ie4.01w9xsp2.zip | 24.6 mb
This component is part of the Windows 98 Customer Service Pack. It includes Year 2000
compliance and security fixes, performance improvements, and resolves other minor issues.
Because Service Packs are cumulative, this release contains all previous Service Pack
updates and any new updates that are available. You can download the setup file, which will initiate a direct download from
the Microsoft web site.
Affected: Internet Explorer 4.0, 4.01, and 4.01 with SP1
cu5 Updated Microsoft
Virtual Machine | File Name: msjavx86.exe | 5,121 kb
This is an essential update for the Java Virtual Machine ( msjava.dll ). This update
corrects minor issues associated with generating dates on your computer on or after
January 1,2000.
Affected: Window 95, Window 98, Windows 98 second edition, Windows NT 4.0
cu6 Outlook Express Year 2000 Update | File Name: en-x86-q234680.exe | 140 kb
This component is part of the Windows 98 Customer Service Pack and is nicknamed
"outlook express service pack 2". Download this fix to resolve two digit
shortcut handling with Outlook Express 4.01. Outlook Express must interpolate with other
mail clients, which may not be compliant or handle date information in the same way. This
affects filtering of messages and and "delete messages from server after" a
specified number of days.
Affected: Outlook Express 4.01, Outlook Express 4.01 with SP1 Details
Summary
cu7 Office 97 Year2000 Updates,
SR1,SR2 & Jet Update
File Name: sr1off97.exe,sr2aoff97.exe & Jet35sp2.exe | 8.47 mb, 23 mb & 1.04 mb
The year 2000 compliance update is included in two customer service
packs for Office 97. These updates must be applied consecutively. The Jetupdate updates 4
files in the system directory used by Microsoft Access, and should be also be applied.
Affected: All Office 97 Versions Details
Other Updates
su1 Windows Security Update 2, November 29, 1999
File Name: 168u5us8.exe | 162 kb
This update eliminates the "Legacy Credential Caching" vulnerability in
Microsoft Windows. Installing this update will prevent a malicious user from acquiring
your network password. This vulnerability does not affect Windows 98 Second Edition.
Affected: Windows 95, Windows 98
su2 Windows Security Update 1, November 29, 1999
File Name: 238453us8.exe | 194 kb
This update eliminates the "Spoofed Route Pointer" vulnerability in Microsoft
Windows. This vulnerability could allow a malicious user to obtain network or other
information by performing source routing via your computer, even if source routing has
been disabled. Installing this update will eliminate this vulnerability and provide
additional control over source routing.
Affected: Windows 95, Windows 98, Windows 98 Second Edition, NT 4.0
su3 Windows Security Update, November 12, 1999
File Name: 245729us8.exe | 170 kb
This update eliminates the "File Access URL" vulnerability in Microsoft Windows.
Installing this update will prevent a malicious web site or e-mail message from exploiting
that vulnerability to cause your computer to crash or run arbitrary code. Windows 98
Second Edition is not affected by this vulnerability
Affected: Windows 95, Windows 98
su4 Internet Explorer Security Update, November 3, 1999
File Name: q243638.exe | 1,080 kb
Installing this update will eliminate the "IFRAME ExecCommand" and
"Download Behavior" vulnerabilities found in Internet Explorer. With this
update, you can prevent a malicious web site operator from reading files on your computer
and/or local intranet without your permission by altering the security zones within
Internet Explorer
Affected: Internet Explorer 4 prior to SP2, Internet Explorer 5
su5 'Dotless IP Address' Security Update
File Name: ie4dia.exe | 380 kb
This update addresses a vulnerability in Internet Explorer that might allow a hacker to
bypass certain Internet Explorer Security Zones settings. This does not affect Internet
Explorer 5.
Affected: Internet Explorer 4.0, 4.01, 4.01 SP1.
su6 Outlook Express 'File Attachment' Security Update
File Name: oedatsp1.exe | 1,130 kb
This security update nicknamed Outlook Express "service pack 1", resolves an
issue that can cause Outlook Express to close unexpectedly when you open a message that
contains an attachment with an extremely long name. Downloading this update will prevent
possible unauthorized access to your computer. Outlook 97 is not affected by this
vulnerability.
Affected: Outlook Express, Outlook 98
su7 Internet Explorer 'Frame Spoof' Security Fix
File Name: 3214.exe | 1,845 kb
This patch corrects a vulnerability in Internet Explorer that could allow a malicious web
site operator to create a bogus windows that imitates a windows on a legitimate web site
to capture personal information.
Affect: Internet Explorer 4, 4.01, 4.01 SP1
ax1 Internet Explorer Security Update, November 8, 1999
File Name: q244540.exe | 244 kb
Installing this update will eliminate the "Active Setup Control" vulnerability.
With this update, you can prevent an outside user from using a particular ActiveX control
to automatically run a malicious email attachment saved on your computer. Mail reader
applications affected by this vulnerability include Outlook and Outlook Express.
Affected: Outlook Express, Internet Explorer 4.0, Internet Explorer 5
ax2 Internet Explorer
Security Update, September 30, 1999
File Name: ie4fav.exe
& ie5fav.exe
| 116 kb, 481 kb
This update eliminates two security vulnerabilities in Internet Explorer:
1)ImportExportFavorites Issue and 2) Unsafe ActiveX Controls. Installing this update will
prevent a web site operator from writing malicious files to your computer and, it will
also prevent a web site from running several unsafe ActiveX controls without your
permission by prompting Internet Explorer for user action.
Affected: Internet Explorer 4, Internet Explorer 5
ax3 Update for Security Vulnerabilities in
"Scriptlet.typlib" and "Eyedog" ActiveX Controls
File Name: q240308.exe | 109 kb
This update eliminates security vulnerabilities in two ActiveX controls: Scriptlet.typlib
and Eyedog. Without this update, these controls can be maliciously used to perform
unauthorized actions on a user's computer.
Affected: Internet Explorer 4, Internet Explorer 5
ax4 Info
& Privacy Update
File Name: dhtmled4.exe & dhtmled5.exe | 170 kb, 574
kb
This update eliminates a vulnerability in DHTML Edit control, an ActiveX control, which is
distributed with Internet Explorer 5 and that can be downloaded for use in Internet
Explorer 4.0. The vulnerability could allow someone to read information that you have
loaded into the control, and it also could allow files with known names to be copied from
your local hard drive.
Affected: Internet Explorer 4, Internet Explorer 5
ax5 Internet Explorer 'Window.External.JScript'
Security Update
File Name: scr31.exe | 480 kb
This security update resolves an issue that can cause Internet Explorer to close
unexpectedly when browsing a web page that contains malicious JScript script.
Affected: Internet Explorer 4.0, 4.01, 4.01 SP1
Summary
tcp1 "Fragmented IGMP Packet"
Security Update
File Name: 3304up95.exe,
3304up98.exe
& 3304upse.exe
| 169 kb,169 kb & 177 kb
This update eliminates a vulnerability in TCP/IP stack implementations of Microsoft
Windows. Fragmented IGMP packets can cause a variety of system problems and may cause an
affected computer to crash.
Affected: Windows 95, Windows 98, Windows 98 Second Edition, NT 4.0
tcp2 Malformed Telnet Argument
File Name: telnetup.exe | 147 kb
This update eliminates a vulnerability in the Telnet client that ships as part of Windows.
The vulnerability could allow a web page to take malicious action on the computer of the
user who visited the page.
Affected: Windows 95, Windows 98, Windows 98 Second Edition
tcp3 Microsoft
Virtual Private Networking
File Name: vpnupd.exe | 342 kb
This update improves Virtual Private Networking stability while adding some security
features previously released in the Windows 98 Dial-up Networking Security Upgrade.
Affected: Windows 95, Windows 98
tcp4 DUN 1.3 Upgrade for Windows 95
File Name: msdun13.exe | 2,301 kb
This is a very susbstantial update for Windows 95 Dial Up Networking. This
upgrade includes support for VPNs and stability improvements. You will require the Windows
95 CD rom to complete this installation and the update should be installed in conjuction
with the update for windows socket service ( "Winsock" ) .
Affected: All versions of Windows 95
tcp5 Windows Socket Service
("winsock") Ver 2
File Name: w95ws2setup.exe | 964 kb
Winsock v2 makes considerable performance improvements over the first
winsock iterations issued with Windows 95. Windows 98 ships with the new windows socket
service and is not affected by this upgrade.
Affected: All Windows 95 versions
tcp6 DUN 4.0 Update for Windows 98
File Name: dun40.exe | 318 kb
This is discrete update for Windows 98 Dial Up Networking. Windows 98 SE
does not require this patch.
Affected: Windows 98 (original)
tcp7 Incremental TCP/IP Updates for Windows 95
File Names: vtcpud.exe,
vtcpup11.exe,
vipup11.exe
& vipup20.exe
Size: 251 kb, 152 kb, 163 kb, & 173 kb
Updates for the TCP/IP suite that ships with Windows 95. These updates must
be applied consecutively and will improve the file version of several core files within
TCP/IP.
Affected: All Windows 95 versions
pu1 Windows 98 Second Edition Shutdown
Supplement
File Name: 4756us8.exe | 505 kb
Addresses shutdown issues on systems with specific hardware/software configurations
running Windows 98 Second Edition. These issues include systems restarting when
selecting shutdown and systems hanging on shutdown.
pu2 NetMeeting 3.0
File Name: nm30.exe | 1.55 mb
Download this component and turn your PC into a videophone to see and talk to family
or friends. At work, hold business meetings online and collaborate on documents over
your company network or the Web.
pu3 Internet Explorer 5.01
File Name: msie5.zip | 63.9 mb
With Internet Explorer 5.01 you can browse, communicate and collaborate on the Web.
Summary
pu4 Internet Explorer 5.1 SP2
File Name: ie5.1.zip | 17.1 mb
Performance updates for Internet Explorer including patches which address some
vulnerabilities to web-driven viruses such as Nimda and code red. This service pack will
also update the encryption strength to 128-bit.
pu5 Internet Explorer 6
File Name: ie6_98.zip | 17.3 mb
The newest Internet Explorer with new tools and privacy controls. This installer will also
update Outlook Express to version 6.0 and adds new pluggins to your browser. 128-bit
Encryption is supported as a standard. There is also a version for Windows ME.
On this page
Help Files
Downloads