Microsoft has issued patches to plug a serious flaw in its web server software, through which a hacker could take over a server and in some instances even the network it's on.
The flaw, which affects Windows 2000 server software running version 5.0 of Internet Information Server (IIS), was discovered on 6 June by eEye Digital Security Team, responsible for the development of network security software.
"The flaw is very serious," said a spokesperson at Microsoft. "Once exploited, any program can be run as part of the operating system and it isn't too difficult for the hacker to then take over."
Using Retina, a program that mimics common techniques to hack into computer systems, eEye pinpointed the flaw as an error in the web server's internet printing protocol.
"It is imperative that the patch is installed," said Scott Culp, program manager at Microsoft.
"As soon as somebody learns about [the hole], they need to install the patch," said Marc Maiffret. "They should not even wait an hour."
A hacker could use the remote printing command to cause a 'buffer overflow', sending more data than the buffer can hold and corrupting the computer's memory, and so effectively take control of the system.
eEye notified Microsoft of the problem on 8 June, believing Microsoft was not acting quickly enough. It released a description of the hole and two working demonstration programs that allow anyone to exploit it.
"Even a server that's locked in a guarded room can be broken into with this hole," said a spokesperson at eEye. "This is a reminder to all software vendors that testing for common security holes in your software is a must."