- New attack fells Internet Explorer
- Steve Jobs is a man of a few words
- Oddball gifts for uber geeks
- Global warming research exposed after hack
- Google adding IPv6 to YouTube
Hackers have released code that could be used to take control of a server running Microsoft's Host Integration Server 2006, used to connect mainframe applications to Windows PCs.
The software was released Wednesday as part of the Metasploit hacking toolkit.
Microsoft released a patch for this flaw on Tuesday, as part of its monthly security updates. The bug lies in the SNA (Systems Network Architecture) remote procedure call used by the server to communicate with the mainframe.
Normally, this service would be blocked by a firewall and in a typical configuration the attacker would need to have an account on the Host Integration Server in order to launch the attack. However, poorly configured machines such as test systems might be vulnerable to an attack, said Russ Cooper, a manager with Verizon Business's RISK Team.
This Host Integration Server flaw was one of 20 security bugs patched by Microsoft this month, but it is the first to be exploited by hackers since the patches were released Tuesday.
Rss FeedRss Feed
The Leader in Network Knowledge
Comments (1)
Hackers release code for critical Microsoft mainframe flawBy Microsoft Subnet on October 16, 2008, 5:00 pmThe first bug to be exploited since Microsoft released 11 fixes on Tuesday concerns MS08-059, the Host Integration Server RPC bug that Microsoft labeled as critical....
Reply | Read entire comment
View all comments