Plus 98, an optional package that extends Windows 98 and Windows 98 Second Edition, introduced a data-compression feature called Compressed Folders that was also included in Windows Me. For interoperability with leading third-party compression tools, it provides a password protection option for folders that have been compressed. However, due to a flaw in the package s implementation, the passwords used to protect the folders are recorded in a file on the user s system. If an attacker gained access to an affected machine on which password-protected folders were stored, she could learn the passwords and access the files.
The patch will prevent passwords from being written to the user s system in the future. After applying the patch, it is important to also delete c:windowsdynazip.log to ensure that all previously recorded passwords are deleted.