On April 14th, a vulnerability in Microsoft's FrontPage 98 Server Extensions was reported. The security hole, reported by News.com, described the hole as follows:
The back door was included in software shipped with Microsoft's Windows NT operating system, the company confirmed. Hackers knowing how to exploit the vulnerability could access any site using FrontPage 98 extensions, Microsoft said. FrontPage, a Web authoring and site management software package, requires that special software code--or extensions--be present on the Web site for all features to be available.
To exploit the weakness, a hacker would also need authoring privileges on a particular Web server. By accessing a single file, called "dvwssr.dll," the hacker could write a script allowing access to many more files on the site.
[Taken from Microsoft secret file could allow access to Web sites]
Supposedly there was a backdoor problem: someone who requested a document from a Web server using FrontPage 98
Server Extensions using the user name
NetscapeEngineersAreWeenies could look at any ASP page's source.
Microsoft, eager to resolve this issue, set its team of engineers at full speed to locate this vulnerability and patch it up. The results? No backdoor was found; the "weenie" username worked only on insecure systems, where any username would have worked.
In Microsoft's commitment to locate the problem, however, they did unearth a buffer-related error with
Microsoft currently has a security
bulletin up and a FAQ about this
buffer overflow error.
More on this as it becomes available...