Used Microsoft Plus 98 Exposed Passwords in Compressed Files Vulnerability Patch for Windows?
Clicking on the Download Now (Visit Site) button above will open a connection to a third-party site. Download.com cannot completely ensure the security of the software hosted on third-party sites.
Use this to patch a security vulnerability that could reveal the password to compressed files.
Plus 98, an optional package that extends Windows 98 and Windows 98 Second Edition, introduced a data-compression feature called Compressed Folders that was also included in Windows Me. For interoperability with leading third-party compression tools, it provides a password protection option for folders that have been compressed. However, due to a flaw in the package s implementation, the passwords used to protect the folders are recorded in a file on the user s system. If an attacker gained access to an affected machine on which password-protected folders were stored, she could learn the passwords and access the files.
The patch will prevent passwords from being written to the user s system in the future. After applying the patch, it is important to also delete c:windowsdynazip.log to ensure that all previously recorded passwords are deleted.
