Microsoft UK Web Site Hacked via SQL Flaw

More details are now available on the hacking of the Microsoft UK Web site, with experts saying that the attackers got in through a SQL injection exploiting a vulnerability in the Web server software.

The attack, which occurred last Wednesday, defaced the front page of the Web site and inserted the image of a child waving the flag of Saudi Arabia. According to Zone-H.org, a hacking news Web site, the attacker used the SQL flaw to inject his own HTML code.

Microsoft has not confirmed how the attackers entered the site, saying only that it was investigating and had removed the injected code to return the page to normal. It also took action to "stop any additional criminal activity."

It also said it was in contact with the third party which hosts the UK Web site to improve the security and prevent similar attacks from occurring. It is not known whether the database that was hacked was Microsoft's, although Zone-H speculated that it was MS SQL Server.

Microsoft's security chief in the UK played down the incident in an interview with ZDNet UK. "Criminals are always trying to steal or break into systems--it shows we can't be complacent," Ed Gibson said. "Unfortunately, these things happen."

© 1998-2024 BetaNews, Inc. All Rights Reserved.