Go to the Softpedia homepage


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
Home / News / Microsoft / Security

Security

Microsoft Says Its Technology Is Not at Fault for Massive Web Server Attacks

Security company F-Secure confirms

By Marius Oiaga, Technology News Editor

29th of April 2008, 10:44 GMT

Adjust text size:


Security
Enlarge picture
Microsoft says that its technology is in no way at fault for massive web server attacks having already affected in excess of half a million webpages. The past week, security company F-Secure revealed that over 500,000 pages had been compromised through
SQL injections. The attacks target only websites that are running on Microsoft IIS Web Server and Microsoft SQL Server. However, this does not mean that the products are enabling SQL injections. Bill Sisk, Security Response Communications Manager, Microsoft brought some clarification to the issue.

"Our investigation has shown that there are no new or unknown vulnerabilities being exploited. This wave is not a result of a vulnerability in Internet Information Services or Microsoft SQL Server," Sisk revealed. The Redmond company emphasized that a privilege escalation vulnerability impacting Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 is in no way related to the wave of SQL injections.

F-Secure confirmed that despite the fact that websites with IIS Web Server and SQL Server as their infrastructure are being hit, the "attack doesn't use vulnerabilities in any of those two applications. What makes this attack possible is poorly written ASP and ASPX (.net) code." Compromised websites will serve malicious code packages. F-Secure explained that the attacks are based exclusively on the incapacity of sites with database back-ends to properly sanitize content being uploaded, and not the result of a security flaw in IIS 6.0, ASP, ASP.Net or Microsoft SQL.

"The attacks are facilitated by SQL injection exploits and are not issues related to IIS 6.0, ASP, ASP.Net or Microsoft SQL technologies. SQL injection attacks enable malicious users to execute commands in an application's database. To protect against SQL injection attacks the developer of the Web site or application must use industry best practices," Sisk added.

TAGS:

 SQL injection | IIS 6.0 | ASP | ASP.Net | Microsoft SQL


Rating:
Fair (2.7/5) 4 vote(s) so far    

Read by 679 user(s) | Add comment | Link to this article
Subscribe to news | Print article | Send to friend

© Copyright 2001-2008 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


Vista SP1 in All Splendor, Like You Never Saw or Heard It Before - Hilarious

Download Firefox 2.0.0.14 - the Wait for Firefox 3.0 RC1 Not Over

Unleashing IT24-7 from Microsoft - New Wallpapers, Screensavers and Info

Vista SP1 RTM Hit by New Hole, XP SP3 Safe

Microsoft Presents the Lost Comparison: Windows Vista vs. Windows XP

Introducing Code-Named Albany Beta

The Ugly Side of Vista SP1 vs. XP SP3

The Vista SP1 vs. XP SP3 Smackdown About to Start

Cybercrime at the Centerstage

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 






SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive