Microsoft warns of 'serious' software hole

Wednesday, 2 May, 2001, 12:33 GMT 13:33 UK

A serious security vulnerability has been found in the Microsoft software used to keep millions of websites running.

Security experts who discovered the hole said malicious hackers could use it to take over a server, letting them view, change or steal almost any of the information held on it.

Microsoft said the vulnerability was so serious that it started contacting many of the high-profile users of the at-risk software. It urged all other users of the software to apply patches immediately.

The loophole is only the latest in a series of security holes that have been found in Microsoft products that millions of people use to run or view websites.

Yesterday Microsoft issued a warning to many of the users of its Windows 2000 server software, "strongly urging" them to update the software with a security patch to close a serious vulnerability.

Although the vulnerability was discovered on 19 April, Microsoft did not publicise it until a patch was available.

eEye Digital Security discovered the bug, which affects Windows 2000 Servers running the Internet Information Server 5.0 (IIS) add-on. Many organisations use this software to run websites.

Riley Hassell at eEye said the bug was serious because it was so easy to exploit.

The flaw uses the remote printing protocols inside the software. When the right string of text is sent, it causes the software to return an unsecured command prompt, effectively giving high-level access to a server. The string of text need only be 420 characters long. This sentence, including spaces, is 56 characters long.

"It does not matter what kind of security systems you have in place, firewalls, intruder detection systems, etc.," eEye wrote in its alert about the bug, "because all of those systems can be bypassed and your web server can be broken into via this vulnerability. The default set-up of the software leaves the vulnerability open."
Windows 2000 Server was released in February last year and over one million companies have licensed it.

Web watching company Netcraft performs regular surveys of server software, and its latest poll reveals that almost 20%, almost 6 million, of web servers are running one flavour or other of Microsoft IIS. Earlier versions of IIS are not vulnerable to the bug.

Although Microsoft has contacted many users of the Windows 2000 Server software, it is unlikely that all of them will apply the patch, and many sites could be left open to attack.

In 1998, the RDS (Remote Data Services) bug was discovered that also affected IIS. Some computer criminals are known to have exploited this to steal credit card numbers and deface websites. Even now, three years after it was found, up to 25% of sites are thought to have left the hole unpatched.

The printing protocol bug is only the latest in a string of security problems and vulnerabilities traced to Microsoft products. Viruses such as Melissa and the Love Bug only proliferated because of the lax controls Microsoft Outlook places on the files attached to e-mail messages.

In October last year, a serious bug also in IIS came to light that let hackers using malformed URLs look at supposedly secure files and directories on a server.
By BBC News Online technology correspondent Mark Ward
BBC News Online: Sci/Tech
http://news.bbc.co.uk/low/english/sci/tech/newsid_1308000/1308267.stm