MS Beta newsgroups security flaw fixed

As we posted early yesterday, we received information that there was a security hole in MS beta newsgroups, which let anyone with a valid beta account view all the newsgroups on the server. This issue has now been fixed. When trying to use the exploit now gives a "file not found error".

Microsoft has given Neowin an official response:

Earlier this week, Microsoft found and fixed an error on Betanews that could allow members of Microsoft"s Beta tester programs to view newsgroups for products beyond those they were testing. This error did not compromise any customer data. Those accessing sites not associated with their particular beta had only viewing rights. They were not able to post responses or provide input. These newsgroups offer beta testers a venue in which they can provide feedback to Microsoft and discuss with other beta testers ideas and information each has gained during the beta testing process.

The exploit explained:

Log into web news and click on any beta program you are enrolled in. In your Address Bar (https://webnews.microsoft.com/newsgr...ult.asp?icp=xxx) Replace the ICP number (in bold) with one corresponding to another newsgroup and it will be displayed. Read more for The ICP list

View: Neowin Post: Microsoft BetaNews "Wide Open"

Report a problem with article
Next Article

Invision Power Board v1.2 FINAL

Previous Article

Neowin Server Tweaking