- 4chan hell raisers finding fame brings heat?
- The 10 dumbest mistakes network managers make
- NetApp quits bidding war in face of EMC opposition
- CompuServe closes after 30 years
- Google to launch open-source Chrome OS this year
Hackers have released code that could be used to take control of a server running Microsoft's Host Integration Server 2006, used to connect mainframe applications to Windows PCs.
The software was released Wednesday as part of the Metasploit hacking toolkit.
Microsoft released a patch for this flaw on Tuesday, as part of its monthly security updates. The bug lies in the SNA (Systems Network Architecture) remote procedure call used by the server to communicate with the mainframe.
Normally, this service would be blocked by a firewall and in a typical configuration the attacker would need to have an account on the Host Integration Server in order to launch the attack. However, poorly configured machines such as test systems might be vulnerable to an attack, said Russ Cooper, a manager with Verizon Business's RISK Team.
This Host Integration Server flaw was one of 20 security bugs patched by Microsoft this month, but it is the first to be exploited by hackers since the patches were released Tuesday.
The Leader in Network Knowledge
Comments (1)
Hackers release code for critical Microsoft mainframe flawBy Microsoft Subnet on October 16, 2008, 5:00 pmThe first bug to be exploited since Microsoft released 11 fixes on Tuesday concerns MS08-059, the Host Integration Server RPC bug that Microsoft labeled as critical....
Reply | Read entire comment
View all comments