By Janet Kornblum
June 20, 1997, 2 p.m. PT
update Hackers exploited a bug in Microsoft's
(MSFT) server software, jamming the company's
Web site since yesterday.
The hackers are apparently exploiting a bug in
Windows NT 4.0 running Microsoft's Internet
Information Server version 3.0, in which the entire
site is jammed by someone typing in a specific URL
into a Web browser, according to Mike Nash,
director of marketing for Windows NT server.
Hackers sent Microsoft an email at about 4 p.m.
yesterday, Nash said. Microsoft engineers
immediately developed a patch and are posting it on
their own site today. The patch will be ready by 5
p.m., he added.
"Hackers made us aware of a problem that they had
identified," Nash said. "It is possible to develop a
URL--a string of characters in a browser--that could
cause interruption of service on a Web server."
Someone identified as Todd Fast says on his site that
he inadvertently discovered the bug "while examining
the parameters of an URL Microsoft's Internet
Information Server (IIS) would accept without an
error."
"This is a hugely embarrassing bug for Microsoft in
my opinion, particularly since they've just been
lauded for pulling ahead of Netscape in Web server
market," Fast wrote. "Knowing that anyone with a
grudge and a twitchy keyboard could shut down any
of their customer's Web sites must bear horribly on
their collective conscience."
Microsoft representatives originally said that the
problem was caused by busy servers and that users
should expect delays through the end of the month.
The problem was exacerbated by what Microsoft
spokesman Adam Sohn called "phenomenal growth."
In other words, not everyone who tries to access the
site will get onto it every time. The problem is
compounded by Internet routing jams and individual
jams at Internet service providers, Nash said.
Those who were able to get to the home page today
were greeted with the following message: "We're
upgrading; our apologies in advance due to
growth...Over the next few weeks, some users may
see some interruption in service. Read what's
happening!"
The "Read what's happening" had a link, presumably
to a story, but people had trouble getting to that link.
The outage and problems have angered some Web
surfers who have been trying to get onto the pages.
Some, who presumably did not yet know the cause
of the outage, used the problems to criticize the
company's Web server software. "Maybe they
should have bought Linux," one reader sarcastically
wrote to CNET's NEWS.COM.
"They have so many bugs in their software, so why
use it?," said Ben Efros, a Webmaster who also
wrote in. "Microsoft is just a large company going
nowhere on the Internet.
But others came to the defense of Microsoft, saying
its software is better than Linux.