Microsoft worried about Windows flaw code

SOFTWARE COLOSSUS Microsoft is worried about code circulating on the net which exploits a flaw to turn over Vole 2000 and XP machines.

The SSL Bomb exploits a flaw which was only formally announced last week.

The bug is in the Windows secure socket layer and leaves servers open to a denial of service.

According to a spokesVole the malformed SSL packets can force Windows 2000 and Windows XP machines to stop accepting SSL connections, and cause Windows Server 2003 to reboot.

"Microsoft considers these reports [of the bomb] credible and serious and continues to urge all customers to immediately install MS04-011 (the patch for the SSL vulnerability) as well as the other critical updates provided last week," the spokesVole said.

"This exploit code targets server platforms that are running Internet Information Services to serve web sites with Secure Socket Layer authentication enabled.

The exploit code attempts to exploit the PCT/SSL vulnerability addressed by bulletin MS04-011. Windows 2000 and Windows NT 4.0 are primarily at risk.

Windows Server 2003 customers using IIS, even if SSL is enabled, the vulnerable code is disabled by default. Windows Server 2003 is only vulnerable if an administrator has enabled PCT manually. Customers who have deployed MS04-011 are not at risk from this exploit code," Microsoft said. µ