September 10, 2002, 9:45 AM — Microsoft Corp. has apparently gotten to the bottom of a rash of hacking attacks against computer systems running its Windows 2000 operating system, according to a security advisory posted late Friday on its Web site.
On Aug. 30 Microsoft warned customers of an increase in reported hacker attacks against the software but offered few details about the root of the problem. The company Friday modified its original advisory and now says the malicious activity has "lessened significantly."
The software maker said the outbreak of attacks probably did not result from new vulnerabilities in its operating system, but rather from administrators not following standard procedures to secure their servers.
"By analyzing computers that have been compromised, Microsoft has determined that these attacks do not appear to exploit any new product-related security vulnerabilities and do not appear to be viral or worm-like in nature," the company stated in its advisory, available online at http://support.microsoft.com/default.aspx?scid=kb;en-us;q328691.
"Instead, the attacks seek to take advantage of situations where standard precautions have not been taken," the advisory said. "The activity appears to be associated with a coordinated series of individual attempts to compromise Windows 2000-based servers."
The Redmond, Washington, software maker is urging customer to take preventive measures to protect themselves against future attacks. Customers should eliminate blank or weak administrator passwords, disable guest accounts, run up-to-date antivirus software, use firewalls to protect internal servers and stay up to date on all security patches.
The malicious activity has affected only Windows 2000 and not earlier versions of the software, the company said.