(Another) Critical MS flaw uncovered

A software bug in a common component of Microsoft Web servers and Internet Explorer could leave millions of servers and home PCs open to attack, security researchers said Wednesday.

The vulnerability, found by security company Foundstone and confirmed by Microsoft, could allow an Internet attacker to take over a Web server, spread an e-mail virus or create a fast-spreading network worm.

"There are millions of systems and clients that will be affected by this," said George Kurtz, chief executive of Foundstone. "This is huge."

It likely affects the majority of the more than 4.1 million sites hosted on Microsoft's Internet Information Service (IIS) software. In addition, millions of Windows 95, 98, Me and 2000 PCs could also be vulnerable to the software bug.

Microsoft rated the flaw as critical under its new vulnerability evaluation system, which is intended to reduce the number of flaws that receive a "critical" rating and so help administrators identify the most important vulnerabilities to patch.

"There is a possibility that it might be wormable," said Lynn Terwoerds, security program manager for Microsoft's security response center. "It is clearly critical...we want the patch uptake to be really high."

EDIT:

[Humble mode on] Thanks to xStainDx for the heads up that nekrosoft13 had already posted this in Neowin's Security Bulletins, Patches and Updates Forum, a cardinal sin for a newsposter not to search his own site really. Sorry guys. Also, I'd like to remind members to post in there if they come across any new security bulletins that may be of note to others. [Humble mode off]

View: MS bug exposes millions to attack

View: Microsoft Security Bulletin MS02-065

News source: MS bug exposes millions to attack
