Microsoft advisory targets SQL injection attacks

Microsoft has issued a new security advisory after the discovery of "a
recent escalation in a class of attacks" targeting Web sites. The
exploits are associated with Microsoft's Active Server Pages (ASP)
and the ASP.NET 2.0 Framework, with SQL Server used as an entry
vector for so-called SQL injection attacks.

ASP lets developers create dynamic Web pages, supporting
interactive browser-based applications and e-commerce by connecting
with a relational database (such as SQL Server) on the back

Even though Microsoft's technologies are used in the attacks,
the fault lies with Web site developers that haven't followed the
best practices for security, according to Redmond.

"[The attacks] do not exploit a specific software vulnerability,
but instead, target Web sites that do not follow secure coding
practices for accessing and manipulating data stored in a
relational database," wrote Bill Sisk, security response
communications manager for Microsoft in an e-mail to
on Tuesday.

Microsoft's advisory describes three tools that can help protect
individual Web sites from SQL injection attacks, according to Sisk.
You can also find links to these tools at Microsoft's data platform
blog here. According to Redmond, the free and
downloadable tools come with detection and defense features.

SQL injection attacks are becoming increasingly common. In
April, security consultancy White Hat identified isolated cases of
SQL-based Web sites injected with malicious JavaScript code.
Perhaps the worst of it was seen January, when a widespread barrage of SQL injection
attacks occurred. At that time, tens of thousands of Windows- and
SQL-based workstations were affected, as well as several thousand
Web sites with .gov and .edu domain suffixes. Many of the problems
were remedied before serious damage could be done.

This article originally was published June 24 at, a Web site affiliated with and are owned by 1105 Media Inc.


  • Pierce County

    CARES dashboard ensures county spending delivers results

    The CARES Act Funding Outcomes Dashboard helps Pierce County, Wash., monitor funding and key performance indicators for public health emergency response, economic stabilization and recovery, community response and resilience, and essential government services.

  • smart city challenge

    AI-based traffic management improves mobility, saves fuel, cuts pollution

    Researchers are developing a dynamic feedback traffic signal control system that reduces corridor-level fuel consumption by 20% while maintaining a safe and efficient transportation environment.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.