ZDNet UK has information about the Microsoft website hack from this past Wednesday.
Details have emerged of an attack which defaced Microsoft’s UK website.
Hackers broke through the site’s security, defacing it and replacing genuine content with a photo of a child waving a Saudi Arabian flag.
It is likely that Microsoft.co.uk, which was breached on Wednesday, was subverted using SQL injection, according to security site Zone-H, which has also run a picture of the defacement. “Most probably, the attacker exploited the site by means of SQL injection to insert HTML code in a field belonging to the table which gets read every time a new page is generated,” said Zone-H on its site.
Microsoft said it was investigating the breach. “Microsoft has learned of a criminal attempt to deface a sub-site of Microsoft.com,” the software giant said in a statement. “Upon notification of the criminal activity, Microsoft took the appropriate action to resolve the issue and stop any additional criminal activity. Microsoft is not currently aware of any customer impact as a result of this criminal activity but will continue to investigate the incident and take any necessary action to help protect customers. In addition, the defaced website was restored to its original content within hours.”
“We apologise if customers are inconvenienced by the unavailability of the affected website. Microsoft is committed to helping protect our customers and we’re working diligently with the third-party hosting company to ensure the continued security of the website.”
[tags]Injection, Microsoft Hack, Microsoft Website Defacement[/tags]
