Microsoft have bugs??
A program that gives remote attackers complete control of vulnerable computers running Microsoft's popular Web-server software has been quietly posted online and may have been in use for nearly two weeks. Source code to the program, which exploits a recently discovered bug in the indexing service (IDA) of Microsoft's Internet Information server (IIS), was posted last week on the Geocities home page of a Japanese hacker who uses the nickname "HighSpeed Junkie." According to the code, it was programmed on June 21. |
The release of the attack program follows a warning from Microsoft on June 18 that its IIS software, used by nearly 6 million Web sites, contains a buffer overflow flaw that could enable a remote attacker to gain full, system-level control of the server.
The message noted that the program is already listed in the file archives of at least one underground site that offers hacking tools. According to the author, the existence of the code demonstrates that efforts by vendors, government or others to prevent "full disclosure" are futile. "Full disclosure," in this context, means the release of such programs and other information related to security vulnerabilities
Read the full story Here
Source: AntiOnline
