
Questions about Web Server Attacks

April 28th, 2008 by Patrick S

Bill Sisk just wrote an article on the Microsoft Security Response Centre (MSRC) blog:

There have been conflicting public reports describing a recent rash of web server attacks. I want to bring some clarification about the reports and point you to the IIS blog for additional information.

To begin with, our investigation has shown that there are no new or unknown vulnerabilities being exploited. This wave is not a result of a vulnerability in Internet Information Services or Microsoft SQL Server. We have also determined that these attacks are in no way related to Microsoft Security Advisory (951306).

The attacks are facilitated by SQL injection exploits and are not issues related to IIS 6.0, ASP, ASP.Net or Microsoft SQL technologies. SQL injection attacks enable malicious users to execute commands in an application’s database. To protect against SQL injection attacks the developer of the Web site or application must use industry best practices outlined here. Our counterparts over on the IIS blog have written a post with a wealth of information that web developers and IT Professionals can use to minimize their exposure to these types of attacks by minimizing the attack surface area in their code and server configurations. Additional information can be found here: http://blogs.iis.net/bills/archive/2008/04/25/sql-injection-attacks-on-iis-web-servers.aspx

As outlined in other reports, the security flaw seems to be in poor code on websites; hackers are merely taking advantage of it on a massive scale.
Installing updates and blocking any malicious websites is the best method to protect your IIS Server.
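
The quoted MSRC post puts the cause in site code rather than in IIS or SQL Server. The following added example (not from the original post or the MSRC article) runs the same lookup against the same database twice, once with the request value concatenated into the SQL text and once bound as a parameter. It uses Python's sqlite3 with a constructed `articles` table as a stand-in for a web page querying its database; all table, column and function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)")
    db.executemany(
        "INSERT INTO articles (title, published) VALUES (?, ?)",
        [("Patch Tuesday notes", 1), ("IIS hardening", 1), ("Draft: internal audit", 0)],
    )
    return db

def find_vulnerable(db, title):
    # Before: the request value is pasted into the SQL text, so quote
    # characters in it change the structure of the statement.
    sql = ("SELECT title FROM articles WHERE published = 1 AND title = '"
           + title + "' ORDER BY id")
    return [row[0] for row in db.execute(sql)]

def find_parameterized(db, title):
    # After: the statement text is fixed; the value is passed separately
    # as a bound parameter and is only ever compared as data.
    sql = "SELECT title FROM articles WHERE published = 1 AND title = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (title,))]

def compare(title):
    # Run both versions against a fresh copy of the same data.
    db = make_db()
    try:
        try:
            vulnerable = find_vulnerable(db, title)
        except sqlite3.Error as exc:
            # An ordinary apostrophe is enough to break the concatenated query.
            vulnerable = f"SQL error: {type(exc).__name__}"
        return vulnerable, find_parameterized(db, title)
    finally:
        db.close()

if __name__ == "__main__":
    for value in ["IIS hardening", "it's", "x' OR '1'='1"]:
        vulnerable, safe = compare(value)
        print(f"{value!r}: concatenated={vulnerable} parameterized={safe}")
```

The database engine is identical in both runs; only the way the page builds its query differs, which is why patching the server alone does not remove this class of flaw.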

 



This entry was posted on Monday, April 28th, 2008 at 12:50 am and is filed under MS SQL, Online Safety, Windows Server System.


2 Responses

  1. Andy Says:

    I must say that I was shocked when I found that you guys were blogging again, but I am very happy about it. I enjoy reading all of the articles on the blog, and look forward to a better future for it.

  2. Patrick S Says:

    Hey thanks,
    Love to hear feedback 😀