(IDG News Service) — Microsoft Corp. fell victim to a software
vulnerability in one of its own products on Saturday, when the W32.Slammer
worm infested host machines on the Redmond, Washington, company's network,
flooding that network with traffic.
The company's travails with Slammer late Friday night and Saturday morning
were first revealed through internal e-mail messages obtained by news
agencies and reported on Monday.
A Microsoft spokesman confirmed that the Slammer worm penetrated the
company's network defenses and infected a number of SQL Server databases and
desktop machines.
"There were circumstances where we were not patched," said Rick Miller, a
spokesman for Microsoft.
The vulnerable machines were mostly in the company's Redmond campus and
concentrated in an area of Microsoft's network used by SQL Server developers,
according to Miller.
In some c... (more)
(IDG News Service) — For the second time in as many months, the Apache
Software Foundation released an updated version of the popular open source
Web server software, only to warn users of a critical security hole in
previous versions of the software that the update patches.
The new version of Apache, 2.0.46, was described as "principally a security
and bug fix release" in a bulletin released by the open source organization
Wednesday.
Among those fixes is a patch for a security hole in the mod_dav module that
could be exploited remotely, causing an Apache Web server process to cr... (more)
(IDG News Service) — A security vulnerability in one of the most
commonly used e-mail server software packages could have a wide-ranging
impact, akin to the Microsoft Corp. SQL Server vulnerability that spawned the
recent Slammer worm, according to an advisory published Monday by Internet
Security Systems Inc. (ISS).
The buffer overflow vulnerability was found in a number of versions of the
open source Sendmail Mail Transfer Agent (MTA), ranging from the most recent
release of that software to versions that first appeared in the late 1980s.
The vulnerability could allow a ... (more)
(IDG News Service) — A software vulnerability in the widely used Snort
open-source intrusion detection system (IDS) software could allow an attacker
to crash the Snort sensor or gain control of the host device on which the
sensor runs.
Snort serves as the basis for commercial IDS products such as those produced
by Sourcefire Inc. and can be used to detect a wide range of network attacks
and probes, such as attempted buffer overflows and port scans.
A buffer overflow vulnerability was found in code used by Snort to detect an
attack technique called RPC (remote procedure call... (more)
(IDG News Service) — A majority of leading information technology (IT)
security experts said that the security of Microsoft's products is a top
concern, but the company still deserves credit for its efforts to tackle the
security problem, according to a report released by Forrester Research.
The report, "Can Microsoft Be Secure," surveyed 35 IT security professionals
at companies with at least US$1 billion in annual revenue. Respondents were
asked their impressions of Microsoft's products.
Seventy-seven percent of those surveyed experienced Windows security problems
in the ... (more)