Microsoft: Possible Server Security Woes for Search

April 26, 2008

The Washington Post’s Brian Krebs asserted on the newspaper’s security Web log that “hundreds of thousands of Microsoft Web Servers are hacked”. Security is a slippery fish, and the reports from security vendors leave me looking for additional corroboration. You can judge for yourself by reading this essay yourself.

The attack he writes “is coming in waves, with the bad guys swapping in new malicious downloader sites every few days.”

You can keep up with the more highly ranked comments on this topic by clicking this link to run a query on Google News.

The flaw, according to VNUnet.com’s take on the problem exists within the handling of code for IIS or Internet Information Services and SQL Server, two widely used Microsoft products. Many enterprise search systems running on a Microsoft platform will have these two servers as well.

The vulnerability exists when IIS connects to the Internet. If your enterprise search system makes use of IIS, you may want to look for this in your Web pages: <script src=http://www.nihaorr1.com/1.js> as reported by Internet News here.

With a big push in the works for SharePoint which meshes with IIS and SQL Server, the Fast Search & Transfer team will have to ramp quickly to hit the ground running with regards to search in a Windows world.

Stephen Arnold, April 26, 2008

Comments

One Response to “Microsoft: Possible Server Security Woes for Search”

  1. Daniel Tunkelang on April 26th, 2008 3:14 pm

    Looks like the web site for the Conference on Information and Knowledge Management may be a victim of this security flaw. Noted on Jon Elsas’s window office blog.

  • Archives

  • Recent Posts

  • Meta