- The Washington Times - Thursday, April 11, 2002

SEATTLE (AP) - Microsoft Corp. released a patch yesterday to fix 10 newly discovered security flaws in its Web server software, the most serious of which could let a hacker take over someone else's server.
The flaws affect the last three versions of Microsoft's Internet Information Server and Internet Information Services software, which are run on millions of computers worldwide. Weaknesses in the same Microsoft software allowed the Code Red and Nimda worms to spread across the Internet last year.
The most recent flaws, discovered by Microsoft and several security experts, generally will not affect home computers.
The most serious vulnerability would allow a hacker to shut down, deface or plant malicious programs on a company's Web site. It was discovered by an engineer at EEye Digital Security.
Security guru Marc Maiffret, who calls himself EEye's chief hacking officer, said more weaknesses have been discovered in Microsoft's IIS Web server software than in the software of some of its competitors, which could "make it a little bit scarier running IIS."
But he said that most companies, including EEye, which uses IIS, think the software's rich feature offerings outweigh the risk, as long as companies have a strong security product protecting the Microsoft software.
The latest flaws were discovered as Microsoft undergoes an intensive companywide campaign to stamp out security problems, an effort ordered by its chairman and chief software architect, Bill Gates.
Mr. Gates' plan, called "Trustworthy Computing," followed a series of embarrassing security flaws, including a critical problem that surfaced soon after the company released its latest version of Windows, called Windows XP. Microsoft released a patch in December to fix the flaw, which could allow hackers to steal or destroy a victim's data files without the user doing anything more than connecting to the Internet.
