Linux Today: Linux News On Internet Time.

CNET News.com: Microsoft server bug wrongly publicized?

Jun 18, 1999, 12:56 (20 Talkback[s])
(Other stories by Stephanie Miles)

Thanks to Prasanth for this link.

"Putting the right type of malicious code into a page request can cause IIS to crash, or worse, let an attacker run whatever programming code he wants.

"Firas Bushnaq, CEO of Eeye, today accused Microsoft of dragging its feet to solving the problem. His company alerted Microsoft on June 8, he said, but Microsoft told him to keep quiet about it. Bushnaq said he went public yesterday because he felt Microsoft wasn't doing anything to resolve the issue.

"But Bushnaq didn't stop at just publicizing the bug, and that's where the controversy comes in: EEye posted a program that will exploit the weakness..."

Complete story.