RealNews

Microsoft Software Hole Leads to Computer Attacks

A new security hole in Windows 2000 operating system when used with Microsoft Corp.’s MSFT.O Web server software has allowed computer attackers to compromise machines, including a U.S. Army server, a security expert said on Monday. Microsoft said it had released a patch and information for a workaround to protect computers from becoming so vulnerable an attacker could gain complete control over a machine. The Army server was successfully attacked about one week ago, but was not connected to any critical systems, said Russ Cooper of research and security services firm TruSecure Corp. based in Herndon, Virginia. An Army Network Command center spokeswoman did not immediately return a call seeking comment. The incident is rare in that software companies usually are able to release a fix for a security vulnerability before it becomes public. This particular case is dubbed a “zero day vulnerability,” and is even more serious because someone was able to develop a software tool to exploit the hole and attack computers a week before anyone had any warning, Cooper said. The attack is known as a “buffer overflow,” in which too much information is sent to a victim machine, overwhelming it, so that an attacker can sneak in. Full Story

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.