Yahoo! News   Thu, Jul 17, 2003
Technology - AP
Microsoft Admits Flaw in Windows Software
Wed Jul 16, 5:33 PM ET

By TED BRIDIS, AP Technology Writer

WASHINGTON - Microsoft Corp. acknowledged a critical vulnerability Wednesday in nearly all versions of its flagship Windows operating system software, the first such design flaw to affect its latest Windows Server 2003 software.

Microsoft said the vulnerability could allow hackers to seize control of a victim's Windows computer over the Internet, stealing data, deleting files or eavesdropping on e-mails. The company urged customers to immediately apply a free software repairing patch available from Microsoft's Web site.

The disclosure was unusually embarrassing for Microsoft because it demonstrated the first such serious flaw in the company's powerful new computer server software, billed as its safest ever.

The software is aimed at large corporate customers and was the first product sold under a high-profile "Trustworthy Computing" initiative organized last year by Microsoft founder Bill Gates.

At the product's launch in late April, Microsoft Chief Executive Steve Ballmer declared the new version of Windows to be a "breakthrough in terms of what it means, in terms of its built-in security and reliability."

The flaw, discovered by researchers in western Poland, also affected Windows versions popular among home users.

"This is one of the worst Windows vulnerabilities ever," said Marc Maiffret, an executive at eEye Digital Security Inc. of Aliso Viejo, Calif., whose researchers discovered similarly dangerous flaws in at least three earlier versions of Windows.

Microsoft said corporate firewalls commonly block the type of data connections that hackers outside a company would need for these attacks. The flaw affects Windows technology used to share data files across computer networks.

Maiffret said that inside vulnerable corporations, "until they have this patch installed, it will be Swiss cheese — anybody can walk in and out of their servers."

Microsoft spent hundreds of millions of dollars on security improvements for its latest Windows software and included new technology to defend against a category of hacker attacks known as "buffer overflows," which can trick software into accepting dangerous commands.

But four Polish researchers, known as the "Last Stage of Delirium Research Group," said they discovered how to bypass the additional protections Microsoft added, just three months after the software went on sale.

The head of Microsoft's security response center, Kevin Kean, said improving Windows software is an ongoing process. "We continue to try to make it better and when we find a situation where techniques we've built into the system are not perfect, we go out and fix them," Kean said.

Microsoft also acknowledged a separate design flaw affecting only Windows XP, but it was deemed less serious because hackers would have to already have broken into a corporate network to attack victims. The company also released a patch for it.

Although the Polish researchers created a tool to demonstrate the more serious vulnerability and break into victim computers, they promised not to release blueprints for such software onto the Internet.

"We're fully aware of the potential impact," group member Tomasz Ostwald said in a telephone interview. "We don't plan to publish this code at the moment. It's too dangerous."

Ostwald said the group, which other experts said was highly regarded in the security community, expected to disclose additional details during technical presentations at upcoming security seminars.

Some experts said they expected hackers to begin using this new vulnerability to break into computers within months. Even without detailed blueprints from researchers, hackers typically break apart the patches Microsoft provides for clues about how to exploit a new flaw.

 

"We could see it in a week or a year or not at all, but I expect we would see something in a three-month time frame," said Russ Cooper of Herndon, Va.-based TruSecure Corp.

Internet Security Systems Inc. said the Windows flaw "poses an enormous threat" and raised its alert level to its second notch, reflecting "increased vigilance." The Atlanta-based company operates an early warning network for the technology industry, the Information Technology Information Sharing and Analysis Center.

The announcement came one day after the Department of Homeland Security announced that it awarded a five-year, $90-million contract for Microsoft to supply all its most important desktop and server software for about 140,000 computers inside the new federal agency.

___

On the Net:

Microsoft Security: www.microsoft.com/security

Polish researchers: http://lsd-pl.net/special.html


Copyright © 2003 The Associated Press. All rights reserved. The information contained in the AP News report may not be published, broadcast, rewritten or redistributed without the prior written authority of The Associated Press.