Help and Support
 

powered byLive Search

Taskpads Let Web Sites Invoke Executables on a User's Computer

View products that this article applies to.
Article ID:218619
Last Review:November 1, 2006
Revision:3.2
This article was previously published under Q218619
On This Page

SYMPTOMS

Taskpads is a feature that allows users to view and run Windows management tools through an HTML page rather than the Windows control. A vulnerability has been discovered in Taskpads that lets Web sites invoke executables on a user's workstation.

Back to the top

CAUSE

This vulnerability results because certain methods provided by Taskpads are incorrectly marked as "safe for scripting."

Back to the top

RESOLUTION

A patch is available for this issue that removes the Taskpads functionality, which is rarely used.

A supported fix that corrects this problem is now available from Microsoft, but has not been fully regression tested and should be applied only to systems determined to be at risk of attack. Please evaluate your system's physical accessibility, network and Internet connectivity, and other factors to determine the degree of risk to your system. If your system is sufficiently at risk, Microsoft recommends you apply this fix.

To resolve this problem immediately, obtain the fix as described below. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS (http://support.microsoft.com/default.aspx?scid=fh;en-us;cntactms)

Back to the top

Windows 98 Resource Kit and Windows 98 Resource Kit Sampler

This patch has been posted to the following Internet location:
ftp://ftp.microsoft.com/reskit/win98/taskpads/ (ftp://ftp.microsoft.com/reskit/win98/taskpads/)

Back to the top

BackOffice Resource Kit, Second Edition

This patch has been posted to the following Internet locations:
x86:
ftp://ftp.microsoft.com/reskit/nt4/x86/taskpads/ (ftp://ftp.microsoft.com/reskit/nt4/x86/taskpads/)
Alpha:
ftp://ftp.microsoft.com/reskit/nt4/alpha/taskpads/ (ftp://ftp.microsoft.com/reskit/nt4/alpha/taskpads/)

Back to the top

STATUS

Microsoft has confirmed that this problem may result in some degree of security vulnerability in Taskpads included with the Windows 98 Resource Kit, the Windows 98 Resource Kit Sampler, and the BackOffice Resource Kit, second edition.

Back to the top

MORE INFORMATION

Taskpads is included with:
Microsoft Windows 98 Resource Kit
Microsoft Windows 98 Resource Kit Sampler (included as part of Windows 98 but not installed by default)
Microsoft BackOffice Resource Kit, second edition

Back to the top

APPLIES TO
Microsoft Windows 98 Standard Edition
Microsoft BackOffice Server 4.0

Back to the top

Keywords: 
kbbug kbfix kbqfe KB218619

Back to the top

Article Translations

 

Related Support Centers

Other Support Options

  • Need More Help?
    Contact a Support professional by E-mail, Online or Phone.
  • Customer Service
    For non-technical assistance with product purchases, subscriptions, online services, events, training courses, corporate sales, piracy issues, and more.
  • Newsgroups
    Pose a question to other users. Discussion groups and Forums about specific Microsoft products, technologies, and services.