News

Hacker Defaces Microsoft U.K. Web Page

A hacker managed a rare feat Wednesday, successfully attacking a Web page within Microsoft's U.K. domain and replacing the page with several graphics related to Saudi Arabia.

The hacked page was a U.K. events page here. It has since been fixed. According to the security site Zone-h, a SQL injection attack is the likely culprit. Zone-h reported the hack methodology: "Most probably, the attacker exploited the site by means of SQL injection to insert the HTML code "" in a field belonging to the table which gets read every time a new page is generated." This would work on a page utilizing Microsoft's SQL Server.

The defaced page had three images: a child waving a green and white flag of Saudi Arabia, a woman with a green scarf over her face and a stand-alone image of the Saudi Arabian flag. Beneath the flag is a message that reads "HACKED BY rEmOtEr".

U.K. website The Register quoted a Microsoft spokesperson as saying that although the attack was embarrassing, it didn't appear to be serious. "There is no reason to believe customer data or any other sensitive information has been compromised."

About the Author

Keith Ward is the editor in chief of Virtualization & Cloud Review. Follow him on Twitter @VirtReviewKeith.

Featured

  • The 2021 Microsoft Product Roadmap

    From Windows 10X to the next generation of Microsoft's application server products, here are the product milestones coming down the pipeline in 2021.

  • After High-Profile Attacks, Biden Calls for Better Software Security

    Recent high-profile security attacks have prompted the Biden administration to issue an executive order aiming to tighten software security practices across the board.

  • With Hybrid Networks on Rise, Microsoft Touts Zero Trust Security

    Hybrid networks, which combine use of cloud services with on-premises software, require a "zero trust" security approach, Microsoft said this week.

  • Feds Advise Orgs on How To Block Ransomware Amid Colonial Pipeline Attack

    A recent ransomware attack on a U.S. fuel pipeline company has put a spotlight on how "critical infrastructure" organizations can prevent similar attacks.