Windows flaw jeopardises millions of PCs and servers

Windows flaw jeopardises millions of PCs and servers

Summary: Think Code Red, think Nimda...

TOPICS: Hardware

Think Code Red, think Nimda...

A software bug in a common component of Microsoft web servers and Internet Explorer could leave millions of servers and home PCs open to attack. The vulnerability, found by security company Foundstone and confirmed by Microsoft, could allow an internet attacker to take over a web server, spread an email virus or create a fast-spreading network worm. George Kurtz, CEO of Foundstone, said: "There are millions of systems and clients that will be affected by this." Foundstone originally discovered the flaw and worked with Microsoft to develop a patch. The flaw, in a component of Windows that allows web servers and browsers to communicate with online databases, could be as widespread as the flaws that allowed the Code Red and Nimda worms to spread, said Kurtz. More than 4.1 million sites hosted on Microsoft's Internet Information Service (IIS) software are likely to be affected. In addition, millions of Windows 95, 98, Me and 2000 PCs could also be vulnerable to the software bug. Microsoft rated the flaw as critical, and Lynn Terwoerds, security program manager for Microsoft's security response centre, said: "There is a possibility that it might be wormable, it is clearly critical. We want the patch uptake to be really high." Visit for more information on how to protect yourself against this flaw. Robert Lemos writes for

Topic: Hardware

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to start the discussion