April 27, 2001, 3:47 PM — A Microsoft Corp. technical support server that accidentally lacked antivirus software caused 26 of the company's largest support clients to be left vulnerable to the FunLove computer virus late last week.
In an announcement yesterday, the software maker said the lapse occurred in a computer server used to store "hotfix" software updates for business support clients. Several of the hotfix files became infected with the FunLove virus and were then downloaded by the 26 tech support customers.
The infected hotfixes were available only through Microsoft's corporate subscription-based Premier Customers and Gold Certified Partners support programs and weren't available to other customers.
Michele D'Amour, a Microsoft spokeswoman, said today that the antivirus software should have been installed on the affected server, but it had inadvertently been overlooked. "Microsoft's corporate standards regarding virus scanning were not followed," she said.
This is the second time in the past six months that a server at Microsoft has been left vulnerable to attackers because of missing software. Last fall, a Dutch hacker penetrated one of Microsoft's Web servers on two occasions after the company failed to install one of its own software patches on the machine.
Microsoft also acknowledged in January that it "did not apply sufficient self-defense techniques" to key parts of its computer networks before being struck by denial-of-service attacks that left the company's Web sites inaccessible. And in another high-profile incident, Microsoft disclosed last October that its internal network was broken into by intruders who were able to view the source code for an unspecified future product.
The latest problem was discovered by a Microsoft employee in the company's product support services department, and the infected files were removed from the server on April 20, the day after the infected updates were made available.
Microsoft immediately sent out an e-mail message to its Premier and Gold Partner customers advising them of the problem, D'Amour said, and clean copies of the hotfix files were made available to customers. Microsoft account managers also contacted the 26 customers who were believed to be affected and checked their systems for the virus, making repairs as necessary.