Microsoft Corp. engineers included a secret password in Internet
software that could be used to gain illegal access to hundreds of
thousands of Web sites, The Wall Street Journal reported today.
The rogue computer code was discovered in a three-year-old piece of
software by two security experts, the newspaper said. Contained within
the code is a derisive comment aimed at a Microsoft rival: “Netscape
engineers are weenies!”
Steve Lipner, who manages the company’s security-response center,
described such a backdoor password as “absolutely against our policy”
and a firing offense for the as-yet unidentified employees.
There have been no reports of site access through the code, but the
affected software is believed to be used by many Web sites.
The file, called “dvwssr.dll” is installed on Microsoft’s
Internet-server software with Frontpage 98 extensions. A hacker may be
able to gain access to key Web site management files, which could in
turn provide a road map to such things as customer credit card numbers,
The Journal reported.
Microsoft urged customers to delete the file and planned to warn
with an e-mail bulletin and an advisory published on its corporate Web