CBS MarketWatch: Microsoft Admits Security Flaw

[ Thanks to Hap for this
link. ]

” Microsoft acknowledged Thursday that its engineers included in
some of its Internet software a secret password — a phrase
deriding their rivals at Netscape as “weenies” — that could be
used to gain illicit access to hundreds of thousands of Internet
sites world-wide. The manager of Microsoft’s security-response
center, Steve Lipner, acknowledged the online-security risk in an
interview Thursday and described such a backdoor password as
“absolutely against our policy” and a firing offense for the as yet
unidentified employees. The company planned to warn customers as
soon as possible with an e-mail bulletin and an advisory published
on its corporate Web site. Microsoft urged customers to delete the
computer file-called “dvwssr.dll”-containing the offending code.
The file is installed on the company’s Internet-server software
with Frontpage 98 extensions. While there are no reports that the
alleged security flaw has been exploited, the affected software is
believed to be used by many Web sites. By using the so-called
back door, a hacker may be able to gain access to key Web-site
management files, which could in turn provide a road map to such
things as customer credit-card numbers, said security experts who
discovered the password.

Complete Story