Microsoft denies SQL compromises due to IIS

By Justin Mann on
Last week we reported on a massive SQL injection exploit that could be affecting a large number of sites. While the source of the problem was apparent to many, some others were prematurely pointing the finger at IIS, which upset Microsoft.

Seeking to alleviate fears, the software giant has outright denied that IIS is to blame, claiming that the affected servers were not compromised due to security flaws inside IIS or Microsoft SQL Server. At the same time, they pointed to coding practices they feel help prevent such exploits from occurring. Microsoft is certainly correct this time in asserting that IIS is not the source of the problem, though with the troubled history of IIS it is easy to understand why many would assume such.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.