Geeks With Blogs

BrustBlog Pontifications on Microsoft and the Tech Industry

Recent articles like this one have been speculating on the possibility that a potential flaw in IIS might be responsible for a rash of malicious iFrame attacks that have plagued the Web recently.

It would appear that IIS, ASP.NET, and SQL Server are not the culprits. A response to me and others, direct from Microsoft, follows.


We have been investigating these reports today and just posted two blog posts about them:

The high-level summary is:

These *are not* a result of any known security issue with IIS, SQL, ASP or ASP.NET (or any other Microsoft product)

These are instead the result of SQL injection issues within the web pages/applications hosted on these sites

You can learn more about SQL injection issues and how to prevent them in a blog post Scott Guthrie did a few years ago here:

The above blog posts provide more details on the attacks and have pointers on how to make sure your site doesn’t have SQL injection issues.

Posted on Saturday, April 26, 2008 1:58 PM

Comments on this post: Reported iFrame Attacks _Not_ Due to MS Web/Database Stack

No comments posted yet.

Copyright © andrewbrust