ad info
   personal technology

 custom news
 Headline News brief
 daily almanac
 CNN networks
 CNN programs
 on-air transcripts
 news quiz

CNN Websites
 video on demand
 video archive
 audio on demand
 news email services
 free email accounts
 desktop headlines

 message boards




Summer spawns cloud of software bugs

July 29, 1998
Web posted at: 11:25 AM EDT

by Dana Gardner

(IDG) -- Cover up and use the bug spray liberally, as many as five software bugs have bitten Microsoft products and their users in the last few weeks.

The latest pesky outbreak may be a serious Internet e-mail breach that can erase hard drives and has affected not only Microsoft's Outlook and Outlook Express clients, but also Netscape's Communicator and apparently Qualcomm's Eudora clients.

The bug can allow an outsider to deliver a booby-trapped message that could command a PC's hard drive to erase, or other shenanigans. So far, no problems as a result of the bug have been reported, but experts called it a major security issue.

Microsoft on Monday posted a patch for Microsoft Outlook 98 at the URL listed at the bottom of this page.

  InfoWorld home page
  InfoWorld forums home page
  InfoWorld Internet commerce section
  Get Media Grok and The Industry Standard Intelligencer delivered for free
 Reviews & in-depth info at's personal news page
  Subscribe to's free daily newsletter for IT leaders
  Questions about computers? Let's editors help you
  Search in 12 languages
 News Radio
  PC World News Radio
  Computerworld Minute audio news for managers

Netscape users will get a fix in August when Communicator 4.06 arrives, Netscape officials said.

Just two weeks ago, a server-based security breach made scripting information vulnerable on Microsoft's Internet Information Server, part of the popular Windows NT BackOffice family.

That was followed last week by a separate Windows NT bug. The so-called "privilege-elevation attack" enabled by a file posted on the Internet allows non-administrative users to gain access to supposedly secure network resources.

And even Microsoft products that haven't reached the public have recently been held up by bugs. The Exchange Server 5.5 Service Pack 1.0 product was just about ready to download -- so ready that Microsoft announced that it was a done deal -- when it was pulled back to be fixed two weeks ago.

Now, this week, in addition to the Outlook security issue, another messaging-oriented bug that affects Microsoft Exchange 5.x servers has arisen.

Internet Security Systems (ISS) X-Force, an independent test lab, announced late last week that a hacker can disrupt and crash Microsoft Exchange Server 5.x over the network, stopping e-mail and other services, though not losing data.

No customers have been affected by the lapse, said Microsoft, and on Monday the company created a "hot fix" that is available to Exchange customers by calling (425) 635-7000. The fix will also be part of the Exchange Service Pack 1.0 when it arrives in August, Microsoft said.

Microsoft has apparently been working with ISS on the issue for several weeks before the public announcement.

InfoWorld editor-at-large Dana Gardner is based in San Mateo, Calif.

Related stories:
Latest Headlines

Today on CNN

Related stories:

Note: Pages will open in a new browser window Related sites:

External sites are not
endorsed by CNN Interactive

Enter keyword(s)   go    help


Back to the top
© 2000 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.