Microsoft warns of design flaw on newest software
Last Updated Thu Jul 17 16:49:48 2003
Microsoft has admitted there's a dangerous design flaw in its latest
Windows Server 2003 software. The software is aimed at large corporate
The company says the flaw could allow hackers to
seize control of a Windows computer over the Internet, stealing data,
deleting files or eavesdropping on e-mail.
The flaw also affects Windows versions popular among home users.
The company is urging customers to immediately apply a free software patch available from the Microsoft Web site.
software was the first product sold under the "Trustworthy Computing"
intitiative launched last year by Microsoft founder Bill Gates.
At the time, it was hailed as a "breakthrough in terms of built-in security and reliability."
announcement comes just after the U.S. Department of Homeland Security
awarded a multi-million dollar contract for Microsoft to supply software
for the agency's new computers.
"This is one of the worst
Windows vulnerabilities ever," said Marc Maiffret of eEye Digital
Security in California. Maiffret warns customers that "until they have
this patch installed, it will be Swiss cheese — anybody can walk in and
out of their servers."
Microsoft spent hundreds of millions on
security improvements but Polish researchers managed to bypass the
additional protections three months after the software went on sale in
Russ Cooper of TruSecure Corp. says the flaw "poses an
enormous threat." He warns hackers can take apart patches Microsoft
provides to figure out how to exploit the vulnerability.
"I expect we would see something (hacked) in a three-month time frame," predicted Cooper.
Written by CBC News Online staff
Copyright © 2003 Canadian Broadcasting Corporation - All Rights Reserved