
Holey software, Batman!

Microsoft issues vital patch for IIS web server

Microsoft has issued patches to plug a serious flaw in its web server software, through which a hacker could take over a server and in some instances even the network it's on.

The flaw, which affects Windows 2000 server software running version 5.0 of Internet Information Server (IIS), was discovered on 6 June by eEye Digital Security Team, responsible for the development of network security software.

"The flaw is very serious," said a spokesperson at Microsoft. "Once exploited, any program can be run as part of the operating system and it isn't too difficult for the hacker to then take over."

With the help of Retina, a program that mimics common techniques used to hack into computer systems, the flaw was pinpointed as an error in the program's internet printing protocol.

"It is imperative that the patch is installed," said Scott Culp, program manager at Microsoft.

"As soon as somebody learns about [the hole], they need to install the patch," said Marc Maiffret. "They should not even wait an hour."

A hacker could use the remote printing command to cause a 'buffer overflow', sending more data than the buffer can hold and overwriting the computer's memory, and so effectively take control of the system.

eEye notified Microsoft of the problem on 8 June, believing Microsoft was not acting quickly enough. It released a description of the hole and two working demonstration programs that allow anyone to exploit it.

"Even a server that's locked in a guarded room can be broken into with this hole," said a spokesperson at eEye. "This is a reminder to all software vendors that testing for common security holes in your software is a must."

