'Backdoor' found in Microsoft software

Microsoft has acknowledged that its engineers substituted certain file names with the phrase, "Netscape engineers are weenies," in some of its internet software.

This 'backdoor' password could allow hackers to gain unauthorised access to potentially thousands of websites using Frontpage 98 extensions. The web authoring software tool requires that special software code, or extensions, be present on the website for the features to be available.

Steve Lipner, manager of Microsoft's security response centre, said the backdoor password is "absolutely against the company's policy", and that the as yet unidentified employees responsible for the backdoor would be sacked.

Microsoft is expected to publish an email bulletin and an advisory statement on its corporate website. The company urged users to delete the computer file, called 'dvssr.dll', which contains the offending code.

Lipner said that although the file is installed on Microsoft internet server software with Frontpage 98 extensions, the problem does not affect internet servers running Windows 2000 or the latest version of its server extension included in Frontpage 2000. He added that Microsoft isolated the problem within a few hours after it was discovered.

There have been no reports of site access through the code, but experts point out the risk was greatest at commercial internet hosting providers, which maintain hundreds or thousands of separate websites for different companies.

The software code was apparently written three years ago near the peak of Microsoft's rivalry with Netscape Communications over versions of the internet browser software.

A security consultant known as 'Rain Forest Puppy' notified Microsoft about the backdoor in an email message last Thursday morning after an employee at ClientLogic contacted him.

A Europe-based employee of ClientLogic, which provides outsourced marketing and fulfilment services to ecommerce companies, discovered the glitch.