Microsoft denies fault in hacks
Attacks that have compromised half a million Web sites are not due to any new or unknown flaws in Microsoft IIS or SQL Server, according to the company's security response team.
Microsoft is denying that a recent rash of Web server attacks are the company's fault.
In a blog posted late Friday night, Bill Sisk, of the Microsoft Security Response Center, wrote that the attacks are not due to any new or unknown security flaws in Internet Information Services or Microsoft SQL Server. Rather, he says, the attacks are made possible by SQL injection exploits, and he points Web developers to the company's list of best practices to prevent such attacks.
have affected half a million Web pages, compromising them so they serve up malware, according to several reports. The hacked sites include government sites in the U.K. and sites belonging to the United Nations.