Quantcast
Subscribe to magazine

Security Flaw Shuts Down Microsoft Store

Online developers store remains closed after reports of vulnerability that could expose customer data.

Todd R. Weiss, Computerworld

  • 0 Yes
  • 0 No

Microsoft on Monday acknowledged that it shut down a Web site for an online Microsoft Developers Store last Thursday to look into a possible security vulnerability that could compromise customer information.

The alleged security problem involved a defective script used in the creation of the Web site, according to a posting by a developer at the SecurityFocus.com Web site. The script allegedly had a hole allowing access by an intruder, who could then obtain customer information from the site.

The store is a site used by software developers to download product betas, evaluation kits, and other information.

Cesar Cerrudo, the developer from Argentina who posted the report about the alleged flaw on Thursday, wrote in his post, "I don't know when they gonna fix it, so don't put your personal info there until they fix it and you alredy do it humm...it's your problem :). Hey, Microsoft people, why don't you test your webapps?"

No Response

Cerrudo, reached by telephone at his home in Parana, said he stumbled upon the security hole while he was shopping on the site for a beta copy of the latest Microsoft Visual Studio software. After he found the alleged flaw, he said he e-mailed Microsoft to notify the company but didn't get a response after 14 hours.

That's when he posted a message with SecurityFocus.com, he said. He still hasn't heard back from Microsoft, he said.

A message posted by Microsoft on the Web site says the "Microsoft Developer Store is temporarily unavailable."

A Microsoft spokesperson said the site was shut down after the company was notified by a list moderator at SecurityFocus.com of Cerrudo's posting. The site is hosted by a third-party vendor for Microsoft and isn't linked to any Web sites on Microsoft's own network, the spokesperson said.

The company has been reviewing the post's claim and is working to see if there are any problems that need to be fixed, she said. "Microsoft as a company is vigilant about taking reports like this seriously," the spokesperson said. She wasn't sure when the site would go back online.

Charles Kolodgy, an analyst at IDC in Framingham, Massachusetts, said such security problems are everywhere.

"It just always goes back to the idea that software is complex," Kolodgy said. "It's a whole software thing. It's not just a Microsoft thing. I think these things just continue to show that we need more discipline in the way that software is developed and coded."

Computerworld
For more enterprise computing news, visit Computerworld. Story copyright © 2007 Computerworld Inc. All rights reserved.

  • Recommend this story?
  • 0 Yes
    0 No

Print 65% more pages than with refilled inks. Trust Original HP Inks. Hit Print Reliably.

Featured APC Accessories For Your System
10% Off Entire Cart at Online Store

  • APC Back-UPS ES Safeguards your equipment from damaging surges and spikes that travel along your utility & data lines.
  • APC SurgeArrest Performance Highest level of protection for your professional computers, electronics and connected devices, as well as provides surge protection.

People who read this also read:

  • 2007 Microsoft Office Suites Comparison This paper compares and contrasts four suites of the 2007 Microsoft Office system: Microsoft Office Standard 2007, Microsoft Office Professional Plus 2007, Microsoft Office Enterprise 2007 and Microsoft Office Ultimate 2007. This paper is intended to help organizations understand the applications and capabilities offered, and to identify the suite that best fits their needs.
  • Windows Vista Migration: The Business Proposition It's not so much a matter of "if" but "when" for most organizations regarding migration to Windows Vista. Laying the groundwork now for this migration can yield higher ROI than waiting until later. This Computerworld Technology Briefing explains it all.

PC World's Marketplace