Thousands of Web Pages Vulnerable Thanks to Bill Print
Written by Rebecca Mints   
Tuesday, 29 April 2008 18:00

Microsoft's Web server left half a million web pages and thousands of websites vulnerable to hackers, even some that belonged to the United Nations, according to security firm Websense. Along with the United Nations the target was also other Government websites. The bullseye was IIS (Internet Information Services), and the exploit was via an exploit that Microsoft was already aware of.


Despite the advisory being released on April 17th by Microsoft, there was little time for system administrators to make the necessary adjustments. Microsoft adamantly defends themselves and says they were not at fault in the tidalwave of attacks. According to Bill Sisk, a member of Microsoft's Security Response Centre, "Microsoft's investigation has shown that there are no new or unknown vulnerabilities being exploited." He also remarked "his wave is not a result of a vulnerability in Internet Information Services or Microsoft SQL Server. The attacks are facilitated by SQL injection exploits and are not issues related to IIS 6.0, ASP, ASP.Net or Microsoft SQL technologies."


The way a hacker exploits this is by utilizing trusted websites such as the United Nations. People feel at ease on such sites and let their guard down, and then they are served malicious Javascript. It can then load into an iFrame from a third party server.



REFERENCES:
Security ProPortal.com
Microsoft vulnerability compromised half a million web pages