Microsoft denies fault in SQL Web Server attacks

Microsoft is denying that a recent rash of Web server attacks are the company's fault. In a blog posted late Friday night, Bill Sisk, of the Microsoft Security Response Center, wrote that the attacks are not due to any new or unknown security flaws in Internet Information Services or Microsoft SQL Server. Rather, he says, […]

Microsoft is denying that a recent rash of Web server attacks are the company's fault. In a blog posted late Friday night, Bill Sisk, of the Microsoft Security Response Center, wrote that the attacks are not due to any new or unknown security flaws in Internet Information Services or Microsoft SQL Server. Rather, he says, the attacks are made possible by SQL injection exploits and points Web developers to the company's list of best practices to prevent such attacks.

Ongoing attacks have affected half a million Web pages, compromising them so they serve up malware, according to several reports. The hacked sites include government sites in the U.K. and sites belonging to the United Nations.

All it takes for a user's computer to become infected is a visit to a compromised site. While viewing that site, the injected Javascript loads a file named 1,js. The file is located on a malicious server, which then attempts to execute eight different exploits targeting Microsoft applications.

Source:→ C|Net News

Microsoft, SQL Server, Database Server, Hack, Web Server, Intrusion, Vulnerability

About The Author

Deepak Gupta is a IT & Web Consultant. He is the founder and CEO of diTii.com & DIT Technologies, where he's engaged in providing Technology Consultancy, Design and Development of Desktop, Web and Mobile applications using various tools and softwares. Sign-up for the Email for daily updates. Google+ Profile.