Microsoft server flaw lesson goes unlearned

A quarter of all Fortune 1000 companies are still exposed to the web server flaw which forced Microsoft offline for three days last month.

The latest survey from Icelandic DNS (domain name software) specialist Mice and Men revealed 25 per cent of Fortune 1000 and 38 per cent of dot-coms remain vulnerable to server outage - very little change from the time of the Microsoft incident. The software giant was running its DNS server from one network segment, allowing the system to be easily knocked out from a single point of failure. According to Mice and Men the results show system administrators are failing to learn the lesson of Microsoft's failure. But the company reported significantly more success in mending a series of vulnerabilities in Berkeley Internet Name software (BIND) which were discovered by the CERT Coordination Centre at Carnegie Mellon University at the end of January. The configuration flaws in the software, which is used by over 80 per cent of web servers, provided an easy route onto the network for hackers. But according to Mice and Men the number of Fortune 1000 companies running the vulnerable versions has dropped from 33 per cent to jut 12 per cent. Dot-coms are also catching up, dropping from 40 per cent to just 13 per cent in the three weeks since the discovery. At the beginning of the year over a quarter of German firms were using flawed versions of BIND but this week's survey showed it has dropped to just over 15 per cent. In the UK, less than 10 per cent of web servers are left running the unsafe software.