The security hole placed in Internet Information Server 4.0 by Microsoft's own engineers could be used to gain access to sensitive information, including Web site passwords and customer credit card details.
The bug installs itself with anything on the Windows NT 4.0 Option Pack.
A Microsoft representative said without authoring privileges the bug will only allow read access to active server files. Hackers still need authoring privileges to change or delete pages, he said.
But where multiple Web sites are hosted on a single server, a client given privileges for their site could breach the security of another hosted on the same machine.
The bug allows hackers to gain access to key Web site management files, potentially giving access to sensitive information, by using the phrase "Netscape engineers are weenies".
While the back door does not expose an entire Web server, it does open access to Web site management files and possibly user information and passwords. That information could then be use to expose anything else on the server.
Resellers should advise customers to delete files named 'dvwssr.dll' which contain the code.
14nm Cavium ThunderX2 CPUs deployed in HPE Apollo 70 supercomputer for US National Nuclear Security Administration
MWR's Countercept platform and phishd technologies key to F-Secure acquisition
Brexit labour shortages will lead to higher adoption of robotics
Newbies will be thrown in with the big boys on Sanhok as Kar98 fodder