Exploiting a widely known flaw in Microsoft's Web server software, attackers have defaced three Microsoft [NASDAQ:SFT] Web sites this month.

On Sunday, a Brazilian defacement group known as Silver Lords replaced the home page of a Microsoft customer support site located at http://cust-supp-chat.one.microsoft.com/ with one of their own.

The defaced page, which was still viewable today, included a message in Portuguese that begins "Bill Gates, my beloved and millionaire friend," and ridicules Microsoft for failing to follow the advice in its security bulletins.

The other defaced sites included the Web home of Microsoft Research's Social Computing Group, and a site for an advisory group for Microsoft's Office suite. All three sites were running Microsoft's Internet Information Server (IIS) software, according to Netcraft.

In an online interview today, a Silver Lords member who calls himself "Lord Choo3s" said he attacked the three sites by exploiting an unpatched flaw in an IIS component called FrontPage Server Extensions.

Microsoft released a bulletin and patch for the buffer overflow flaw, which allows attackers to run code of their choice on a vulnerable server, on Jun. 21, 2001.

The vandalized Microsoft support site was also briefly defaced by another attacker today. The defacer, who called himself "Analysis," posted a new message in Portuguese that read "Bill Gates, son of the devil ... go to hell."

To deface the Microsoft sites, Lord Choo3s of Silver Lords, who said he was 15, relied on an exploit published by NSfocus, a computer security firm in China.

Microsoft's bulletin on the FrontPage vulnerability thanks NSfocus for reporting the issue to Microsoft and working with it to protect customers.

NSfocus' advisory about the FrontPage flaw included a disclaimer that reads: "This code is for test purpose only and should not be run against any host without permission from the system administrator."

Among the pages hosted at the cust-supp-chat.one.microsoft.com server is one for unsubscribing from MSN Newsletters. Another page assists users of Microsoft's Passport service who have forgotten their passwords.

A Microsoft representative said the company is "vigilant in our efforts to ensure the security of our network," but added that Microsoft does not discuss or comment on specific attempts or claims of intrusion.
A mirror of the defaced Microsoft support site is at http://www.zone-h.org/defaced/2002/03/24/cust-supp-chat.one.microsoft.com .

SecurityFocus' description of the FrontPage vulnerability is at http://online.securityfocus.com/bid/2906 .
Reported by Newsbytes, http://www.newsbytes.com/ .
11:49 CST
Reposted 15:07 CST
(20020325 /WIRES TOP, ONLINE, LEGAL, PC, BUSINESS/BUGALERT/PHOTO)