[ISN] Microsoft Acknowledges Secret Code In Software

From: InfoSec News (isnat_private)
Date: Mon May 14 2001 - 13:07:22 PDT

  • Next message: grepcat: "[ISN] Moles in Cyberspace"

    Last Thursday, Microsoft admitted its engineers planted a secret
    password in its software that could be used to gain illegitimate
    access to hundreds of thousands of Internet sites worldwide. Two
    security experts discovered the code, which was written during the
    dispute between Netscape and Microsoft over their versions of
    Internet-browser software.
    While the software giant acknowledges that the function was
    "absolutely against our policy," it plans to alert customers as soon
    as possible with an e-mail bulletin and advisory published on its
    corporate Web site. The company is also asking customers to delete the
    computer file called "dvwssr.dll", which contains the offending code.
    It is installed on Microsoft's Internet-server software with FrontPage
    98 extensions.
    Although there are no reports that the security flaw has been abused,
    it's believed to be used by many Web sites. By using the affected
    software, a hacker may be able to access key Web site management
    files, which may lead to acquisition to private information such as
    customer credit card numbers.
    ISN is hosted by SecurityFocus.com
    To unsubscribe email isn-unsubscribeat_private

    This archive was generated by hypermail 2b30 : Mon May 14 2001 - 23:26:00 PDT