Microsoft security attack tool published on Net

By Sam Costello
May 3, 2001 3:01 pm PT

TWO DAYS AFTER Microsoft announced an "extremely serious" flaw in its Windows 2000 server software, a tool to take advantage of that flaw is being passed around the Internet.

The flaw, which allows a buffer overflow attack against an extension that enables printing across the Internet, was originally discovered by security firm eEye Digital Security in the course of testing one of its own products about 10 days before Microsoft publicized the problem. eEye has since published its own exploit for taking advantage of the hole on its Web site.

Microsoft was not surprised that an exploit became available so quickly, as "attack tools are developed for virtually all published security vulnerabilities," according to a Microsoft spokeswoman. The Redmond, Wash.-based company spread the word about the flaw and its fix so broadly on Tuesday because it knew the exploit would come eventually, the spokeswoman said.

If IIS server customers have applied the patch, they will not be vulnerable to the exploit, the spokeswoman said, but added that if the patch has not been applied, the availability of a tool to attack the hole should serve as "a reminder of the need to [update] immediately."

The company's original security bulletin can be found at www.microsoft.com/technet/security/current.asp. The patch is located at www.microsoft.com/Downloads/Release.asp?ReleaseID=29321.

Sam Costello is a Boston-based correspondent for the IDG News Service, an InfoWorld affiliate.