Internet Explorer Security Update. The latest security update for IE eliminates the "Server-Side Page Reference Redirect" and "ImportExportFavorites" vulnerabilities, each of which was previously available as a separate download. We recommend downloading both updates unless you have already downloaded the patches individually. Release Date: 12/8/99Upgrade Meter:4
Windows Security Updates 1 & 2. These two security updates eliminate the "Spoofed Route Pointer" vulnerability (Update 1) and the "Legacy Credential Caching" vulnerability (Update 2) in Windows 98, each of which was previously available as a separate download. We recommend downloading both of the Windows security updates. Release Date: 11/29/99Upgrade Meter:4
Windows Security Update. The Windows Security Update eliminates the "File Access URL" vulnerability in Windows 98, which was previously available as a separate download. Installing this update will prevent a malicious web site or e-mail message from exploiting the vulnerability to cause your computer to crash or run arbitrary code. Release Date: 11/12/99Upgrade Meter:4
Internet Explorer Security Updates. The Windows Update site finally offers a couple of security updates for Internet Explorer that have been available separately as downloadable patches for several weeks now. The first update is a patch for the "ImportExportFavorites" issue and the "Scriptlet.typelib/Eyedog" unsafe ActiveX Controls issue. These two patches were originally made available in September. The second update is a fix for the "Download Behavior" issue; the patch for this was orginially released on October 12th. Windows Update does not yet feature an update for the "IFRAME ExecCommand" and "JavaScript Redirect" vulnerabilities. We recommend downloading the two security updates from the Windows Update site if you haven't already downloaded them separately. Release Date: 10/21/99Upgrade Meter:4
Year 2000 Update 2. This is a revised Y2K update that corrects several minor issues associated with generating dates on your computer on or after January 1, 2000. The update installs both the original Windows 98 Year 2000 Update as well as the newer Y2K Update 2 if your computer does not already have the earlier Y2K update. We recommend downloading the update to ensure that your OS is completely Y2K compatible. Release Date: 8/24/99Upgrade Meter:4
Service Pack 1. The Windows 98 Service Pack 1 updates your Win98 system with a variety of bug fixes, system updates, and Y2K fixes. While the service pack doesn't include any new features (as opposed to the Windows 98 Second Edition, which contains new versions of IE, DirectX, Outlook Express, and other programs), we recommend downloading the pack to ensure that your OS is completely Y2K compatible. Release Date: 7/16/99Upgrade Meter:4
Critical Update Notification. The Critical Update Notification feature monitors your system and compares it with the Windows 98 Update product catalog. Any time a new update is released, the update feature automatically notifies you and prompts you to install the new update. One note about the update notification feature, once you install it you give Windows Update permission to scan your computer (the same way it does when you access the actual Windows Update Web site). This scan occurs in the background and only runs when you are using the Internet.
Note: A new 3.0 release of the Critical Update Notification (released June 17th) is now available. v3.0 adds a new feature that allows the component to update itself as improvements and new features become available. Microsoft recommends that you download this update even if you installed earlier 1.x or 2.x releases. Release Date: 6/17/99Upgrade Meter:5
Updated Internet Explorer Components. The Updated IE Components package available from the Windows Update site is the same download as the "MSHTML" Security Patch released earlier on the Internet Explorer Security site. The Updated IE Components/MSHTML Security Patch package is a collection of security patches and bug fixes for the HTML parsing engine in Internet Explorer 4/5 (MSHTML.DLL). Three new security vulnerabilities are addressed: 1) a privacy issue in which the 'img src' tag could be used to determine information about the files on a user's computer, a new variant of the previously identified cross-frame security vulnerability, and a new variant of the previously identified untrusted scripted paste vulnerability.
The Updated IE Components download also contains fixes the "Frame Spoof", "Untrusted Scripted Paste", and "Cross Frame Navigate" vulnerabilities. Microsoft highly recommends that users of affected Internet Explorer 4.x/5.x download the fix (once again, those who previously downloaded the "MSHTML" Security Patch will not benefit from downloading the Updated IE Components as they are the same thing). Release Date: 5/3/99Upgrade Meter:4
Java Virtual Machine Update. Microsoft has updated the Java Virtual Machine (JVM) included in Internet Explorer 4.x to comply with the preliminary injunction granted to Sun in its ongoing lawsuit against Microsoft. The updated JVM implements Sun's Java Native Interface (JNI) for creating platform-specific applets written in Java.
Note: A new update was made available on 12/8/98 with support for Internet Explorer 5.0 (Beta 2); this update also supports IE 4.x. Another update (Build 3615) was released on 1/23/99 with a fix for a minor issue associated with generating Y2K dates. Release Date: 1/23/99Upgrade Meter:2
