Microsoft security flaw in shades of gray

Industry Standard

(IDG) -- The latest security hole in Microsoft's Internet Information Server 5.0 is a doozy. It lets anyone anywhere run code on the hosting Windows 2000 system with administrator privileges. The hole was reported on Tuesday by eEye Digital Security. Microsoft released a patch to fix it, and acknowledged and thanked eEye.

Microsoft's hole-du-jour was widely reported on Wednesday. That same day, several hackers released exploits demonstrating how to use the technique to run code on remote Windows 2000 systems, and the press clamor began anew.

Accounts varied as to how many vulnerable systems there are. The AP reported that Microsoft has sold a million licenses of its Windows 2000 Server, but didn't guess how many are running the IIS Web software. The Register blithely guesstimated, and headlined, that "several million" Windows 2000/IIS 5.0 systems are in use.

An early Associated Press report simply covered a press release from eEye announcing the exploits. ZDNet and InternetNews identified one of the hackers - who goes by the nickname Dark Spyrit - and described his exploit code, called jill.c.

Because eEye waited for Microsoft's fix before posting details of the problem, the security community would consider it a "white hat." (Gray hats are those hackers who believe that the best way to force attention to security is to promulgate dangerous exploits. Black hats are the just-plain bad guys.) Yet after Dark Spyrit - whom InternetNews's Brian McWilliams called a gray hat - released jill.c, eEye's "chief hacking officer" published a harmless sample exploit of his own. Watch his hat darken.

The Register's hat is looking a little smudged after its coverage. Reporter Thomas C. Greene not only fingered a second published exploit but also provided handy links to both pieces of abusive code. InternetNews quoted security expert Russ Cooper, identified as the "surgeon general" of TruSecure, who said releasing an exploit "was not necessary to put fire under the butts of anybody. Every alerting mechanism on the planet has been invoked."


