Microsoft phones key customers to warn of 'critical' security flaw

Microsoft spent Monday afternoon (17 March) calling hundreds of UK IT managers to give them advance notice of a "critical" security hole in the Windows 2000 operating system.

The calls were made after hackers had exploited the flaw to break into a US army server.

Microsoft's chief security officer Stuart Okin said, "This is the first time we have rung up our enterprise customers directly to warn them."

Microsoft advised users to put their operational team on standby for 6pm. "We knew the alert was being issued at 6pm, but there was a risk that people would not be at work," said Okin. The Microsoft chief security officer said his personal assistant contacted 50 of Microsoft's enterprise customers directly.

Russ Cooper, who heads security firm TruSecure and runs the authoritative NTBugtraq security listing, first heard of the issue last week when US army officials contacted him about a military server that had been attacked.

"They told me the attack established an outbound network connection on their server, and sent data to an unspecified location."

Cooper criticised Microsoft for waiting until Monday to release a patch. "The information to protect the software could have been pre-released last week. There was no need to wait to install the full Microsoft patch. A workaround would have been sufficient."

Dan Ingevaldson, a security consultant at Internet Security Systems (ISS), said that normally an exploit of a security hole appears only after the vulnerability has been identified and a patch made available.

"In this case, a hacker had found the exploit first, which is very dangerous. We were able to get a copy of the exploit which worked on all the machines in our test lab," he said.

The alert concerned a function of Windows 2000 called WebDAV, which provides network protocols for collaborative applications. A buffer overflow in the software could allow a hacker to view and delete files on a Windows 2000 server.
