April 19, 2004 -- (WEB HOST INDUSTRY REVIEW) -- According to a report by research and analysis firm Netcraft (netcraft.com), code that can be used to exploit a recently discovered vulnerability in Windows SSL was released last Wednesday, only a day after Microsoft (microsoft.com) described the flaw and issued a patch in security update MS04-011. The exploit code is known as SSL Bomb.
The flaw the code is designed to exploit, which Microsoft has listed as "critical," allows a remote attacker to take control of Windows 2000 and Windows NT4 servers that use the popular SSL technology. According to Microsoft, the vulnerability exists on any unpatched system that uses SSL, including Internet Information Server (versions 4.0, 5.0 and 5.1), Exchange Server (5.5, 2000 and 2003) and SQL Server 2000.
According to reports late last week, the Microsoft Update Web site was experiencing slow response times as a result of the high volume of traffic that followed the security update.