Microsoft warns of design flaw on newest software (archive reprint)

http://www.cbc.ca/stories/2003/07/17/Consumers/Microsoftflaw_030717

Microsoft warns of design flaw on newest software
Last Updated Thu Jul 17 16:49:48 2003
WASHINGTON-- Microsoft has admitted there's a dangerous design flaw in its latest Windows Server 2003 software. The software is aimed at large corporate customers.

The company says the flaw could allow hackers to seize control of a Windows computer over the Internet, stealing data, deleting files or eavesdropping on e-mail.

The flaw also affects Windows versions popular among home users.

The company is urging customers to immediately apply a free software patch available from the Microsoft Web site.

The software was the first product sold under the "Trustworthy Computing" intitiative launched last year by Microsoft founder Bill Gates.

At the time, it was hailed as a "breakthrough in terms of built-in security and reliability."

The announcement comes just after the U.S. Department of Homeland Security awarded a multi-million dollar contract for Microsoft to supply software for the agency's new computers.

"This is one of the worst Windows vulnerabilities ever," said Marc Maiffret of eEye Digital Security in California. Maiffret warns customers that "until they have this patch installed, it will be Swiss cheese — anybody can walk in and out of their servers."

Microsoft spent hundreds of millions on security improvements but Polish researchers managed to bypass the additional protections three months after the software went on sale in April.

Russ Cooper of TruSecure Corp. says the flaw "poses an enormous threat." He warns hackers can take apart patches Microsoft provides to figure out how to exploit the vulnerability.

"I expect we would see something (hacked) in a three-month time frame," predicted Cooper.



Written by CBC News Online staff


Copyright © 2003 Canadian Broadcasting Corporation - All Rights Reserved