When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

The patch is available, did Microsoft miss a few servers, YES!

Exploiting a widely known flaw in Microsoft's Web server software, attackers have defaced three Microsoft Web sites this month.

On Sunday, a Brazilian defacement group known as Silver Lords replaced the home page of a Microsoft customer support site located at https://cust-supp-chat.one.microsoft.com with one of their own.

The defaced page, which was still viewable today, included a message in Portuguese that begins "Bill Gates, my beloved and millionaire friend," and ridicules Microsoft for failing to follow the advice in its security bulletins.

The other defaced sites included the Web home of Microsoft Research's Social Computing Group, and a site for an advisory group for Microsoft's Office suite. All three sites were running Microsoft's Internet Information Server (IIS) software, according to Netcraft.

In an online interview today, a Silver Lords member who calls himself "Lord Choo3s" said he attacked the three sites by exploiting an unpatched flaw in an IIS component called FrontPage Server Extensions.

Microsoft released a bulletin and patch for the buffer overflow flaw, which allows attackers to run code of their choice on a vulnerable server, on Jun. 21, 2001.

To deface the Microsoft sites, Lord Choo3s of Silver Lords, who said he was 15, relied on an exploit published by NSfocus, a computer security firm in China.

News source: Newsbytes - FrontPage Bug Opens Microsoft Sites To Attackers

View: Mirror of defaced site - cust-supp-chat.one.microsoft.com

View: NSFOCUS Security Advisory (SA2001-03) [25th June 2001]

Report a problem with article
Next Article

Free ride is over, Travelocity levy's $10 towards UA tickets

Previous Article

Sony allows you to download music tracks for their CD's

Join the conversation!

Login or Sign Up to read and post a comment.

-1 Comments - Add comment