MS Accepts Korean Site Attack
Software giant, Microsoft, has acknowledged that its South Korean website has recently been victimized by hackers. According to reports, the attack was directed on the news section of the site.
Microsoft s spokesperson Adam Sohn confirmed that the site had been attacked on Tuesday morning, and the company had taken the site offline for a few hours to fix the problem.
Investigations have revealed that hackers had placed an iFrame on the site, which took advantage of an iFrame vulnerability of Microsoft s Internet explorer (IE), for which the software company had issued a patch in December last year.
The vulnerability that empowers the hacker to take control of the victims PC, was only capable of harming un-patched PCs. Systems with Microsoft s Windows XP Service Pack 2 security update are not vulnerable to the attack.
The vulnerability would allow attackers to scan the visitor s computer and activate malicious code to steal passwords from the computer.
Security researchers discovered the vulnerability and informed Microsoft. The company then traced the problem and corrected it within hours. However, the company could not confirm for how long the malicious code was online and the number of visitors that might have been affected by the attack.
Microsoft claims that the Korean site was not hosted by Microsoft and may have been on an un-patched server, which could be the reason of the attack, the company is confident that its other MSN websites were not vulnerable to the attack.
Microsoft s spokesperson Adam Sohn confirmed that the site had been attacked on Tuesday morning, and the company had taken the site offline for a few hours to fix the problem.
Investigations have revealed that hackers had placed an iFrame on the site, which took advantage of an iFrame vulnerability of Microsoft s Internet explorer (IE), for which the software company had issued a patch in December last year.
The vulnerability that empowers the hacker to take control of the victims PC, was only capable of harming un-patched PCs. Systems with Microsoft s Windows XP Service Pack 2 security update are not vulnerable to the attack.
The vulnerability would allow attackers to scan the visitor s computer and activate malicious code to steal passwords from the computer.
Security researchers discovered the vulnerability and informed Microsoft. The company then traced the problem and corrected it within hours. However, the company could not confirm for how long the malicious code was online and the number of visitors that might have been affected by the attack.
Microsoft claims that the Korean site was not hosted by Microsoft and may have been on an un-patched server, which could be the reason of the attack, the company is confident that its other MSN websites were not vulnerable to the attack.
Comments