The popularity of Microsoft’s software can be a mixed blessing for the software giant. On the one hand, Microsoft software is a frequent target of security and other malicious attacks. But, in addition to Microsoft’s own staffers, there’s a virtual army of security researchers poking and prodding Microsoft’s software to make sure it’s secure. Case in point, eSecurity Planet reports on a hole researchers recently uncovered in Windows Server software that could help hackers break the software’s encryption. The article discusses a workaround solution Microsoft is offering as it scrambles to provide a more complete solution.
Microsoft is rushing to block a serious hole in its implementation of the Advanced Encryption Standard (AES) that leaves Windows Server open to attacks that could cause users’ server systems to provide hints to hackers on to how to break the systems’ encryption.
The hole was disclosed late Friday by researchers Thai Duong and Juliano Rizzo at the Ekoparty Conference in Buenos Aires, Argentina.