Second security breach at Microsoft

For the second time is as many weeks, Microsoft is being forced to explain how an intruder got into its systems. According to the embarrassed software giant, the breach is not serious as the cracker was unable to do any serious damage.

Just a week after admitting that an intruder gained unauthorised access to the company's corporate network, Microsoft confirmed that a Dutch cracker with the alias Dimitri exploited a known vulnerability in Microsoft's Internet Information Server (ISS), the application used to power the site.

Adding insult to injury, Dimitri then posted news of the attack to the events.microsoft.com bulletin board. He boasted that he could access a number of Microsoft Web servers and alter files on the company's download site. A Microsoft spokeswoman insists this is untrue saying the intrusion was limited to the one Web server and was patched almost immediately.

"It was an isolated incident and had nothing to do with the intrusion into the corporate network last week," she said. "It was a single server that had been retired. It was not hosting anything, just redirecting."

This spokeswoman also says that, despite last week's high-profile break-in, this second incident will not have a major effect on the company's reputation. "It was a very small issue," she says. "It hasn't really affected Microsoft at all."

Take me to Hackers

Take me to ZDNet Enterprise

To have your say online click on the TalkBack button and go to the ZDNet News forum.

Let the editors know what you think in the Mailroom. And read what others have said.