Nearly all Windows NT-based Web servers on the Internet are vulnerable to a newly discovered security breach, according to the eEye Digital Security Team.
The hole could let hackers take control of the server, and in some cases, the network to which it is attached.
eEye officials say they discovered the bug on June 6 when its Retina network security scanning software, succeeded in crashing an NT server.
eEye engineers say the breach could be exploited not only to crash the NT machine, but to take it over completely.
eEye says the company supplied detailed information about the bug to Microsoft on June 8, but a week later, Microsoft had still not published a fix and stopped responding to e-mails about the bug.
eEye has now released not only a description of the hole, but two working demonstration programs that allow anyone to break into an NT server running IIS 4.0. The break-in code appears to work on any server from which a Web page can be retrieved, even if a firewall is present.
The complete story appears at http://www.zdnn.com.