Windows flaw jeopardises millions of PCs and servers

Summary:Think Code Red, think Nimda...

Think Code Red, think Nimda...

A software bug in a common component of Microsoft web servers and Internet Explorer could leave millions of servers and home PCs open to attack. The vulnerability, found by security company Foundstone and confirmed by Microsoft, could allow an internet attacker to take over a web server, spread an email virus or create a fast-spreading network worm. George Kurtz, CEO of Foundstone, said: "There are millions of systems and clients that will be affected by this." Foundstone originally discovered the flaw and worked with Microsoft to develop a patch. The flaw, in a component of Windows that allows web servers and browsers to communicate with online databases, could be as widespread as the flaws that allowed the Code Red and Nimda worms to spread, said Kurtz. More than 4.1 million sites hosted on Microsoft's Internet Information Service (IIS) software are likely to be affected. In addition, millions of Windows 95, 98, Me and 2000 PCs could also be vulnerable to the software bug. Microsoft rated the flaw as critical, and Lynn Terwoerds, security program manager for Microsoft's security response centre, said: "There is a possibility that it might be wormable, it is clearly critical. We want the patch uptake to be really high." Visit for more information on how to protect yourself against this flaw. Robert Lemos writes for

Topics: Hardware

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.