By Stevie Smith Nov 27, 2007, 10:56 GMT
Not everyone in the U.S. got to enjoy their Thanksgiving turkey last Thursday, not least a bunch of unsuspecting Microsoft engineers who have been working diligently through the holiday to address a critical Windows flaw that has seen millions of computer systems around the world left open to possible cyber attacks.
'Ethical hacker' from New Zealand turns Microsoft's attention to potentially destructive Windows design flaw. Credit: Microsoft.
Notification of the vulnerability in Microsoft’s operating platform came indirectly from Beau Butler, an ‘ethical hacker’ based in New Zealand. Mr. Butler gave a public demonstration of the flaw after he discovered it had exposed some 160,000 computers in New Zealand alone and could be exploited by attackers in various other countries around the world.
The design flaw in question, which can allow an attacker to gain control over a huge amount of home-based and office computers, commit ID theft, and also send out waves of malicious spam, was demonstrated by Mr. Butler at the Kiwicon hacker conference last week.
"This whole presentation came about from me telling a story to a bunch of my computer security friends down the pub one night," he revealed in a phone interview with the San Jose Mercury News. "They basically said, ‘You’re going to have to step up and talk about that’."
Following Mr. Butler’s unveiling, Redmond-based Microsoft Corporation confirmed that the flaw was indeed serious and immediately tasked its engineering teams in Australia and the United States to plug the exploit gap in its Windows software, offering that "we’re researching comprehensive mitigations and workarounds to protect customers."
Apparently the flaw is far from new, having been initially fixed by Microsoft some five years ago. However, it would appear that this latest vulnerability, which affects all versions of the Windows OS, leaves Microsoft’s supposed fix as being somewhat exposed.
Your Talkback on this Story