UPDATE: MS Australia flags server application flaw

Microsoft Australia claims that "hundreds" of customers could be affected by a group of security flaws in the company's application for developing and managing e-business Web sites, Content Management Server 2001.

The e-business marketing manager for Microsoft Australia, Dave McNaughton, told ZDNet Australia that roughly a quarter of customers using the Microsoft server would be vulnerable to the security flaws.

"Half the customers who use our server use it for Intranets rather than Internet, so they have a very low level of risk," he said. "Of the customers that use it for Internet, about half of them choose to use a feature which allows them to post statically, so the vulnerability doesn't exist."

Calum Russell, solutions marketing manager for IT infrastructure at Microsoft Australia, told ZDNet Australia that Microsoft had informed all of its product support engineers and account managers, and sent around a security bulletin concerning the flaws.

"They have to tell us they want to be informed about this type of occurrence, and we tell them immediately," he said.

One of the three flaws found by security researcher Joao Gouveia could allow an attacker to take control of the server by exploiting a memory flaw in a feature designed to allow a Web site's owner to restrict access to certain Web pages.

"By sending a specially chosen request to an affected server, an attacker could either disrupt Web services or gain the ability to run a program on the server," said the advisory, which is available on Microsoft's site. "Such a program would run with full system privileges, and be capable of taking any action the attacker desired."

Two other flaws, one in the server's content authoring features and another in its database features, could also leave the virtual gate open to the Internet's Huns, though to a lesser degree.

Microsoft released a patch Wednesday for the application that fixes all three problems.

Microsoft representatives did not know how widely the Content Management Server 2001 was deployed, but stressed that the company treats each vulnerability based on how serious the flaw is.

"If we have one user or 10 million users we will treat it as appropriate for the vulnerability," said Christopher Budd, security program manager for the software giant.
