MS Beta newsgroups security flaw fixed

Daniel Fleshbourne on 06 August 2003 - 17:39 · 9 comments & 375 views

As we posted early yesterday, we received information that there was a security hole in MS beta newsgroups, which let anyone with a valid beta account view all the newsgroups on the server. This issue has now been fixed. Trying to use the exploit now returns a "file not found" error.

Microsoft has given Neowin an official response:
Earlier this week, Microsoft found and fixed an error on Betanews that could allow members of Microsoft's Beta tester programs to view newsgroups for products beyond those they were testing. This error did not compromise any customer data. Those accessing sites not associated with their particular beta had only viewing rights. They were not able to post responses or provide input. These newsgroups offer beta testers a venue in which they can provide feedback to Microsoft and discuss with other beta testers ideas and information each has gained during the beta testing process.

The exploit explained:
Log into web news and click on any beta program you are enrolled in. In your address bar (http://webnews.microsoft.com/newsgr...ult.asp?icp=xxx), replace the ICP number (in bold) with one corresponding to another newsgroup and it will be displayed. Read more for the ICP list.

View: Neowin Post: Microsoft BetaNews 'Wide Open'


Some of the more interesting newsgroups that were exposed today:

Longhorn = 890
directx9 SDK = 943
windows update = 708
VS preview = 984
office 11 = 792
wm5 = 973
VS Whidbey = 983
Cobra = 968
Everest = 963
Yukon = 969
Adam Beta = 974
Srv2003 SP1 = 991 -w2k3 sp1
reporting services = 978
Mediacenter Partner = 979
Security Configuration Wizard = 985
OfficeISV Tech Support = 986
Jupiter One Partner Program = 988
Officexp sp3 = 990
softwareupdatesvcs = 994
unix sa = 995
MOM 2004 = 1011
Securing WLANs v1.2 = 1013
vfp8 sp1 = 1015
MSN Beta = 1020
MBSA V1.2 = 1021
Ozone Update = 1022
windows installer = 1023
Microsoft Speech Server = 1024
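
The flaw described above comes down to a newsgroup ID from the query string being served without checking it against the logged-in account's own enrollments. The sketch below is an added example, not code from Neowin or Microsoft: the account names, enrollment table and function names are constructed, and only the three ICP numbers are taken from the list above. It puts the missing check beside a corrected one that still lets enrolled members through.

```python
# Added illustration: server-side authorization for a newsgroup ID taken
# from the query string. Accounts, enrollments and function names are constructed.
from urllib.parse import urlparse, parse_qs

NEWSGROUPS = {890: "Longhorn", 943: "directx9 SDK", 708: "windows update"}

# Constructed enrollment data: which beta programs each account belongs to.
ENROLLMENTS = {"alice": {943}, "bob": {890, 708}}

NOT_FOUND = (404, "File not found")


def requested_icp(url):
    """Return the icp query parameter as an int, or None if it is not a
    single plain decimal value (missing, repeated or non-numeric)."""
    values = parse_qs(urlparse(url).query).get("icp", [])
    if len(values) != 1:
        return None
    raw = values[0]
    if not (raw.isascii() and raw.isdigit()):
        return None
    return int(raw)


def view_vulnerable(user, url):
    """Behaviour the article describes: any valid account sees any group."""
    if user not in ENROLLMENTS:
        return (401, "Login required")
    icp = requested_icp(url)
    if icp not in NEWSGROUPS:
        return NOT_FOUND
    return (200, NEWSGROUPS[icp])  # no check that this user is enrolled in icp


def view_fixed(user, url):
    """Authorize the requested ID against the caller's own enrollments."""
    if user not in ENROLLMENTS:
        return (401, "Login required")
    icp = requested_icp(url)
    # Same reply for "does not exist" and "not yours", so the response does
    # not confirm which IDs are valid. Enrolled members must still get through.
    if icp not in NEWSGROUPS or icp not in ENROLLMENTS[user]:
        return NOT_FOUND
    return (200, NEWSGROUPS[icp])
```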

Comments · There are 9 additional comments
#1 whistlerxp on 06 Aug 2003 - 17:56
Neowin Saves The Day Again!
#2 Michael Lerner on 06 Aug 2003 - 17:58
the newsgroups didn't contain anything interesting anyway.
(2 replies) #3 kairon on 06 Aug 2003 - 18:16
Oh, now you tell us the numbers.
#3.1 vetmalebolgia on 06 Aug 2003 - 18:18
I know
#3.2 memodude on 06 Aug 2003 - 18:20
Agree entirely.
#4 Voodoo on 06 Aug 2003 - 18:44
The reason (unlike some of the less reputable sites) we didn't post details of the exploit or the ID # was because we had notified MS security about the issue & we agreed not to post details of the exploit until the issue was fixed.

We wanted to work with MS to resolve the issue, not make it any worse.
#5 Dogga on 07 Aug 2003 - 11:38
The problem is still somewhat present. I am an official member of a certain beta newsgroup, and I'm receiving the "File not found" error message, while I can access the newsgroup using my news client. Looks like the problem was "overfixed".
#6 whistlerxp on 07 Aug 2003 - 12:47
I liked the way the post appeared, and then disappeared and then appeared this morning again
#7 ZiUL on 07 Aug 2003 - 13:31
There was another one: Longhorn Development = 815
