Microsoft server bugs open the door to hackers

Holes in Exchange 2000 and Windows 2000 could allow hackers to view the system registry or gain control of servers. Meanwhile, Microsoft continues to struggle with its reputation for lax security

Microsoft has warned of vulnerabilities in its Exchange 2000 server software and Telnet remote-access service that could open the doors to malicious hackers. The Exchange bug could allow hackers to view or alter the server's system registry, which lists crucial information such as the exact operating system version and which applications are installed. The Telnet hole could allow hackers to launch a denial-of-service attack or execute code on the target system. Both advisories were released late last week.

Microsoft recently launched a security initiative unprecedented in the company's history, which begins this month with a top-down review of the code of key products to root out underlying flaws. The appearance of these two new flaws emphasises the difficulty of the task the company faces. Many security experts accuse Microsoft of adhering to lax security standards until now.

The Telnet bug affects the Telnet Service in Windows 2000 and the Telnet Daemon in Microsoft Interix 2.2. Telnet is a service that allows users to remotely access a computer; Interix lets users run Unix applications on a Windows system. The two Telnet products contain unchecked buffers, which means that a malicious hacker could cause a buffer overflow, causing the Telnet Server to fail, and in some cases allowing the hacker to execute code of his or her choice on the system.

Microsoft rates this vulnerability as a medium risk, but other organisations say it's more serious. For example, the US Government's Computer Incident Advisory Capability (CIAC) flagged the risk as "high".

Telnet is installed by default in Windows 2000 systems, but is not running by default, meaning an administrator would have to have started the service. The server would be accessible to an Internet attack if Telnet were configured to allow users from outside the company's network, Microsoft said. Anyone who could connect to the telnet service could attempt to exploit the hole.
Microsoft's patch for the Telnet Service in Windows 2000 is here. The patch for the Interix 2.2 is here. To install the Windows 2000 patch, users must already have Windows 2000 Service Pack 1 or 2.

The Exchange vulnerability
The Exchange bug, at its worst, would allow a malicious hacker to access the server's system registry, gaining details about the software running on the system, or changing the registry. Microsoft rates the problem as a low risk, while an advisory from security firm WatchGuard Technologies classed it as a medium risk.

The problem is with the Microsoft Exchange System Attendant, which helps maintain the Exchange system. To allow remote administration of the server, the System Attendant changes the permissions of the Windows Registry. However, it incorrectly gives the "Everyone" group privileges to access the registry, something only administrators should normally have. Microsoft cautions that although this privilege only allows users to view the registry, an incorrectly configured registry could allow them the ability to modify registry settings. The information in the registry could also help hackers launch an attack on the Exchange server.

Microsoft's patch for the Exchange Server 2000 is here.

This week Microsoft plans to release a patch for a bug with MSN Messenger that allowed any Web site to grab a visitor's IM nickname and buddy list. A few days ago, gamers had problems connecting to the Microsoft Network owing to a glitch with the company's Passport log-in service. In August, Microsoft patched a hole in Hotmail that could allow a person's email to be read by others.

ZDNet US' Robert Lemos contributed to this report.
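
The Exchange permission problem described above comes down to an allow entry for "Everyone" on a registry key, and whether that entry permits only viewing or also changing. As an added illustration (not code from the article or from Microsoft), this Python example audits a key's security descriptor in SDDL text form; the SDDL strings are constructed samples and the function names are hypothetical.

```python
import re

# SDDL rights tokens that let a holder change a registry key.
# Note: "WD" in the rights field means WRITE_DAC; in the account field it means Everyone.
WRITE_TOKENS = {"KA", "KW", "GA", "GW", "DC", "LC", "WP", "SD", "WD", "WO"}
# Access-mask bits that permit modification: KEY_SET_VALUE, KEY_CREATE_SUB_KEY,
# KEY_CREATE_LINK, DELETE, WRITE_DAC, WRITE_OWNER, GENERIC_ALL, GENERIC_WRITE.
WRITE_BITS = (0x0002 | 0x0004 | 0x0020 | 0x00010000 | 0x00040000
              | 0x00080000 | 0x10000000 | 0x40000000)
EVERYONE = {"WD", "S-1-1-0"}  # SDDL alias and SID of the Everyone group

def rights_allow_write(rights):
    """True if an ACE rights field (hex mask or two-letter tokens) permits changes."""
    if rights.lower().startswith("0x"):
        return bool(int(rights, 16) & WRITE_BITS)
    tokens = [rights[i:i + 2] for i in range(0, len(rights), 2)]
    return any(t in WRITE_TOKENS for t in tokens)

def everyone_aces(sddl):
    """Return (rights, level) for each allow ACE the DACL grants to Everyone."""
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    if not dacl:
        return []
    findings = []
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1)):
        fields = ace.split(";")  # type;flags;rights;object;inherit_object;account
        if len(fields) < 6 or fields[0] != "A" or fields[5] not in EVERYONE:
            continue
        level = "modify" if rights_allow_write(fields[2]) else "read-only"
        findings.append((fields[2], level))
    return findings

# Constructed sample descriptors (not taken from any real server).
SAMPLES = {
    "admins only": "O:BAG:SYD:PAI(A;CI;KA;;;BA)(A;CI;KA;;;SY)",
    "Everyone can view": "O:BAG:SYD:(A;CI;KA;;;BA)(A;CI;KR;;;WD)",
    "Everyone can modify": "O:BAG:SYD:(A;CI;KA;;;BA)(A;CI;0x2001f;;;S-1-1-0)",
}

if __name__ == "__main__":
    for name, sddl in SAMPLES.items():
        print(f"{name}: {everyone_aces(sddl) or 'no Everyone entries'}")
```

A "read-only" finding corresponds to the view-only exposure the advisory describes; a "modify" finding corresponds to the misconfigured case Microsoft cautions about.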

