A known bug in Windows NT was exploited by hackers this week, hitting all internet-connected machines running Windows NT in the US. The attack, which coincided with Microsoft Corp chief Bill Gates’ defense of his company before a Senate committee, did no long-term harm and there was no loss of data. But it froze the machines and prevented them from operating. Although major attention was only drawn to the attacks yesterday, they have been going on since Monday. The bug is unleashed via a message from the internet that uses a Windows NT security hole to lock up multiple servers at once. Experts believe the perpetrators are using a variation of the bug known as Teardrop2, which Microsoft identified last year, and for which it released fixes in January. However it appears that these fixes have not been widely applied. Victims include universities, the US military and the NASA space agency. The bug instructs the computer to devote excessive memory resources to solve a problem that can’t be solved. The target machines soon become overwhelmed and subsequently crash. The official line from Microsoft is: The security problem was originally identified and fixed in January, so this is not a new issue. Microsoft takes security very seriously.
