Microsoft has announced it is investigating reports that its FrontPage Web
creation software contains several server security flaws, including one that was
allegedly created deliberately by a Microsoft engineer.
The latter flaw allows anyone with the correct password to gain access to
otherwise blocked parts of a Web site on a the site’s server as well as to
protected information on other Web sites that may reside on the same server. The
password, "Netscape Engineers are Weenies" has reportedly been part of
the FrontPage program for more than five years to the embarrassment of
Microsoft, which has been accused of targeting Netscape for trying to illegally
hurt that company’s business.
"This is classic Microsoft arrogance," commented a Netscape
spokeswoman Catherine Corre, now an America Online subsidiary. Meanwhile
Microsoft also acknowledged another newly discovered security flaw in the
server-software part of its FrontPage 98 Web creation program. The bug could let
hackers run unauthorized programs on Web servers and cause them to crash.
Microsoft has urged customers to delete the file "dvwssr.dll,'' which
contains the flaw.