eEye Digital Security » News

News

eEye Digital Security unveils one of the largest security holes on the Internet to date.

(CORONA DEL MAR, CA) June 8th, 1999 — eEye Digital Security Team, an eCompany LLC venture, dedicated to network security and custom network software development has unveiled one of the most vulnerable security holes on the Internet to date. The vulnerability exists in the latest release of Microsoft Internet Information Server. The most commonly used Windows NT web server on the Internet.

The vulnerability allows arbitrary code to be run on any web server running the latest release of Microsoft Internet Information Server. Utilizing a buffer overflow bug in the web server software, an attacker can remotely execute code to enable system level access to all data residing on the server.

eEye - Digital Security Team came across the vulnerability while testing Retina® Network Security Scanner. Retina is a network security auditing and reporting tool that is currently in beta testing. One of Retina's features utilizes an Artificial Intelligence engine that is designed to think like a hacker. Collecting data and mining for information from the target network or web server. The end result of this data is used to perform auditing on the network and find potential vulnerabilities and weaknesses in the network security.

eEye Digital Security has notified Microsoft about the security breach and has been working with the Microsoft Security Team to help provide a fix. eEye Digital Security did provide Microsoft with an immediate patch for the web server and complete details on how the vulnerability can be exploited remotely to gain system level access to the web server's data. Complete details of the vulnerability and the exploit will be available on eEye's website (www.eEye.com) after Microsoft releases an official fix for the web server.

Firas Bushnaq, President and CEO of eCompany LLC was quoted as saying: "When the team notified me of the breach, I felt the ground move. Are you telling me that our web sites, online businesses and our clients data are open to any cracker with half a brain? We must fix this first and make sure the whole world knows about it."

"We've just released the first beta of Retina one week ago and already we have more than three major exploits on our hands, we've definitely created the hacker on steroids, I can imagine what's coming in the next few months," said Marc Maiffret of the eEye Digital Security Team.

About eEye Digital Security

eEye Digital Security® is pioneering a new class of security products:integrated threat management. This next-generation of security detects vulnerabilities and threats, prevents intrusions, protects all of an enterprise’s key computing resources, from endpoints to network assets to web sites and web applications, all while providing a centralized point of security management and network visibility.eEye’s research team is consistently the first to identify new threats in the wild, and our products leverage that research to deliver on the goal of making network security as easy to use and reliable as networking itself. Founded in 1998 and headquartered in Orange County, California, eEye Digital Security protects more than 9,000 corporate and government organizations worldwide, including half of the Fortune 100. For more information, please visit www.eeye.com

About eEye Digital Security

Primary Agency Contact

EMEA Agency Contact

Corporate Contact