Microsoft has given up on the idea of patching a critical security vulnerability in Windows 98 and Windows ME. The company is set to cease support for the two operating systems shortly.
The flaw has to do with the way Windows Explorer handles the Component Object Model objects used by Windows programs. Attackers could take over a system by tricking users into visiting a website that would then connect them to a remote file server. "This remote file server could then cause Windows Explorer to fail in a way that could allow code execution," Microsoft said.
Microsoft had fixed the problem in most of its Windows products on 11 April. At the time, it had promised to deliver a patch for Windows 98 and ME "as soon as possible."
However, on Thursday, the company updated its bulletin on the issue, saying that this fix would require a lot of work and would possibly break applications being used on these platforms.
"After extensive investigation, Microsoft has found that it is not feasible to make the extensive changes necessary... to eliminate the vulnerability," Microsoft's bulletin states. "We have found that these architectures will not support a fix for this issue now or in the future. "
Microsoft is about to stop providing security fixes for Windows 98 and ME altogether. The company's next monthly patch release next Tuesday is the last scheduled security fix for the two operating systems.