SEATTLE -- A group in China released a program Friday that lets hackers exploit a flaw in Microsoft software and take over a victim's computer over the Internet.
The program, released nine days after Microsoft announced the flaw, has turned an embarrassment for the company and inconvenience for customers into a near-emergency.
The program, posted on the group's website, takes advantage of a vulnerability in nearly all versions of Microsoft's Windows operating system, including Windows Server 2003, touted as Microsoft's safest ever.
The Redmond software giant has urged corporate and home users to download a free software fix, but many consumers -- particularly companies with hundreds or thousands of computers at risk -- probably have not yet done so, said Marc Maiffret, co-founder of eEye Digital Security of Aliso Viejo, Calif.
"Three times a year, there are (flaws) this bad," Maiffret said. "This is one of those times."
The flaw, discovered by western Poland researchers called the "Last Stage of Delirium Research Group," affects Windows technology used to share data files across computer networks. It can allow attackers to seize control of a victim's computer, letting them steal data, delete files and access e-mails.
The flaw is an embarrassment to a company that has dedicated millions of dollars to its highly trumpeted Trustworthy Computing initiative, in which Microsoft has been emphasizing security in writing code.
http://www.wired.com/news/technology/0,1282,59792,00.html
The program, released nine days after Microsoft announced the flaw, has turned an embarrassment for the company and inconvenience for customers into a near-emergency.
The program, posted on the group's website, takes advantage of a vulnerability in nearly all versions of Microsoft's Windows operating system, including Windows Server 2003, touted as Microsoft's safest ever.
The Redmond software giant has urged corporate and home users to download a free software fix, but many consumers -- particularly companies with hundreds or thousands of computers at risk -- probably have not yet done so, said Marc Maiffret, co-founder of eEye Digital Security of Aliso Viejo, Calif.
"Three times a year, there are (flaws) this bad," Maiffret said. "This is one of those times."
The flaw, discovered by western Poland researchers called the "Last Stage of Delirium Research Group," affects Windows technology used to share data files across computer networks. It can allow attackers to seize control of a victim's computer, letting them steal data, delete files and access e-mails.
The flaw is an embarrassment to a company that has dedicated millions of dollars to its highly trumpeted Trustworthy Computing initiative, in which Microsoft has been emphasizing security in writing code.
http://www.wired.com/news/technology/0,1282,59792,00.html