Part of Microsoft’s French website has been taken offline by hackers, who apparently took advantage of a misconfigured server at the software vendor’s Web hosting provider.
The experts.microsoft.fr website was defaced Sunday with the word “HACKED!” written across the top, just above a note that attributed the job to a group of Turkish hackers. The hacked sections were quickly taken down, and remained out of operation on Monday morning.
The defacement led to rumors that the hackers may have used a new undisclosed vulnerability in the company’s Internet Information Services (IIS) 6.0 Web server. Such an unpatched bug is called a 0day in security industry parlance.
Microsoft dismissed these rumors on Monday, saying that the hack was due to a misconfigured Web server.
“We’re not aware of any 0day in IIS in circulation,” said Stephen Toulouse, security program manager with Microsoft’s security response center. “If we were, we would be providing guidance on it.”
Microsoft’s public relations agency confirmed, however, that the Microsoft.fr website had been hit by a “criminal” attack. “Microsoft’s initial investigation points to a mis-configuration of a Web server at a third party hosting facility as the most likely cause of the compromise,” the company said in a statement.
The hack comes at an unfortunate time for Microsoft. Not only has the company been promoting the security features of its upcoming Vista operating system, but it is also in the process of developing a new line of security software called Forefront.
Because Microsoft has paid so much attention to security of late, it is unusual to hear of such hacks, said Rich Miller, an analyst with Internet research company Netcraft. “People are noting it because it’s a site that’s related to Microsoft,” he said.
The experts.microsoft.fr website is hosted by a company called Pictime based in Lille, France, Miller said. Pictime could not immediately be reached for comment.
Microsoft plans to add further updates on the issue to its Microsoft Security Response Center blog.
More information on the hack can be found here.
— Robert McMillan, IDG News Service (San Francisco Bureau)
This article is posted on our Microsoft Informer page. For more news on the Redmond, Wash.-based powerhouse, keep checking in.
Check out our CIO News Alerts and Tech Informer pages for more updated news coverage.