COMMAND

    kernel

SYSTEMS AFFECTED

    Win 9x

PROBLEM

    Windows for Workgroups(r)  provided a RAM-based  caching mechanism
    that cached the user's plaintext   network credentials for use  by
    real-mode  command-line  networking   utilities.   Part  of   this
    mechanism was carried forward into the Windows 95 and 98  designs,
    even though it  is not used  by  either.   A malicious user  could
    query  this  mechanism  to  obtain  the network credentials of the
    last person  to use  the machine  for network  access, as  long as
    they had  physical access  to the  machine   and it  had not  been
    rebooted since the last networking session.

SOLUTION

    Patch availability:

    - Windows 95:
        http://www.microsoft.com/windows95/downloads/contents/WUCritical/password/default.asp
    - Windows 98:
        http://www.microsoft.com/windows98/downloads/contents/WUCritical/password/default.asp