We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Holey software, Batman!

Microsoft issues vital patch for IIS web server

Microsoft has issued patches to plug a serious flaw in its web server software, through which a hacker could take over a server and in some instances even the network it's on.

The flaw, which affects Windows 2000 server software running version 5.0 of Internet Information Server (IIS), was discovered on 6 June by eEye Digital Security Team, responsible for the development of network security software.

"The flaw is very serious," said a spokesperson at Microsoft. "Once exploited, any program can be run as part of the operating system and it isn't too difficult for the hacker to then take over."

Using Retina, a program that mimics common techniques to hack into computer systems, the flaw was pinpointed as an error in the program's internet printing protocol.

"It is imperative that the patch is installed," said Scott Culp, program manager at Microsoft.

"As soon as somebody learns about the [the hole], they need to install the patch," said Marc Maiffret. "They should not even wait an hour."

A hacker could use the remote printing command to perform a 'buffer overflow' and effectively control the system by sending too much data to the buffer, attacking the computer's memory.

eEye notified Microsoft of the problem on 8 June, believing Microsoft was not acting quickly enough. It released a description of the hole and two working demonstration programs that allow anyone to exploit it.

"Even a server that's locked in a guarded room can be broken into with this hole," said a spokesperson at eEye. "This is a reminder to all software vendors that testing for common security holes in your software is a must."


IDG UK Sites

Windows 9 release date, price, features: Windows 9 beta leaked ahead of 30 September unveiling

IDG UK Sites

Is Apple losing confidence in itself?

IDG UK Sites

How a London VFX studio is ditching desktop workstations for cloud-based creative power

IDG UK Sites

iOS 8 tips & tricks: Get to know iOS 8's handy new features