Windows flaw jeopardises millions of PCs and servers

A software bug in a common component of Microsoft web servers and Internet Explorer could leave millions of servers and home PCs open to attack.

The vulnerability, found by security company Foundstone and confirmed by Microsoft, could allow an internet attacker to take over a web server, spread an email virus or create a fast-spreading network worm.

George Kurtz, CEO of Foundstone, said: "There are millions of systems and clients that will be affected by this."

Foundstone originally discovered the flaw and worked with Microsoft to develop a patch.

The flaw, in a component of Windows that allows web servers and browsers to communicate with online databases, could be as widespread as the flaws that allowed the Code Red and Nimda worms to spread, said Kurtz.

More than 4.1 million sites hosted on Microsoft's Internet Information Service (IIS) software are likely to be affected. In addition, millions of Windows 95, 98, Me and 2000 PCs could also be vulnerable to the software bug.

Microsoft rated the flaw as critical, and Lynn Terwoerds, security program manager for Microsoft's security response centre, said: "There is a possibility that it might be wormable, it is clearly critical. We want the patch uptake to be really high."

Visit http://www.microsoft.com/technet for more information on how to protect yourself against this flaw.

Robert Lemos writes for News.com