| Jun 24, 2008 |
Microsoft Releases Security Advisory Microsoft has released a Security Advisory to alert users of a recent increase in SQL injection attacks targeting websites using Microsoft ASP and ASP.NET. These attacks target websites that have inadequate secure coding practices for accessing and manipulating data stored in relational databases. If an attack is successful, an attacker may be able to compromise the website and inject arbitrary content or obtain sensitive data. Any user visiting the compromised site may be unknowingly redirected to a malicious website that could attempt install malicious code onto the system. US-CERT encourages website administrators to review Microsoft Security Advisory 954462 and implement any necessary Suggested Actions listed in the advisory. Users are encouraged to implement best security practices as described in the Securing Your Web Browser document to help mitigate the risk. |