Nov. 20 — A software bug in a common component of Microsoft Web servers and Internet Explorer could leave millions of servers and home PCs open to attack, security researchers said Wednesday. The vulnerability, found by security company Foundstone and confirmed by Microsoft, could allow an Internet attacker to take over a Web server, spread an e-mail virus or create a fast-spreading network worm.
“THERE ARE MILLIONS of systems and clients that will be affected by this,” said George Kurtz, chief executive of Foundstone. “This is huge.”
Foundstone originally discovered the flaw and worked with Microsoft to develop a patch.
The flaw, in a component of Windows that allows Web servers and browsers to communicate with online databases, could be as widespread as the flaws that allowed the Code Red and Nimda worms to spread, said Kurtz. It likely affects the majority of the more than...