Patch for Tools Management Console's TaskPad Scripting Vulnerability Affected Software Versions: ·Microsoft Windows 98 Resource Kit ·Microsoft Windows 98 Resource Kit Sampler ·Microsoft BackOffice Resource Kit, second edition Summary: Microsoft has released a patch that eliminates a vulnerability in the TaskPads feature, which is provided as part of Microsoft Resource Kit products for Windows 95, 98 and Windows NT. The vulnerability could allow a web site to run executables on the computer of a user who had installed one of the affected Resource Kits. A fully supported patch is available to fix this vulnerability, and Microsoft recommends that affected customers download and install it. When installed the respective patch will check the system for the vulnerability and repair it. In addition, a measure will be introduced to prevent accidental reinstallation of the TaskPads' functionality. Issue: The "TaskPads" feature within the Resource Kit’s Tools Management Console Snapin allows users to view and run Resource Kit Tools via an HTML page rather than from the standard Large Icon, Small, Icon, List, and Detailed Views. It is included in several Resource Kit products for Windows 95, 98 and Windows NT, as detailed in Affected Software Versions. It is not installed by default on Windows 95, 98 or Windows NT. A vulnerability results because certain methods provided by TaskPads are incorrectly marked as safe for scripting and can be misused by a web site to invoke executables on the user’s workstation. While there have not been any reports of customers being adversely affected by these problems, Microsoft is releasing a patch to proactively address this issue. The patch for this issue works by removing the TaskPads functionality, which is rarely used. It does not affect any other features of the affected products. Installation: Windows NT 4(Intel/x86 Customers)-Download and Execute "itmcpatch.exe" Windows NT 4(Alpha/Axp Customers)-Download and Execute "atmcpatch.exe" Windows 95/98 -Download and Execute "tmcpatch.exe" Additional Information: Additional infomation can be found on the World Wide Web at: http://www.microsoft.com/security/bulletins/ms99-007.asp