Microsoft France site hack leads to security rumors

Part of Microsoft’s French Web site has been taken offline by hackers, who apparently took advantage of a misconfigured server at the software vendor’s Web hosting provider.

The experts.microsoft.fr Web site was defaced Sunday with the word “HACKED!” written across the top, just above a note that attributed the job to a group of Turkish hackers. The hacked sections were quickly taken down, and remained out of operation on Monday morning.

The defacement led to rumors that the hackers may have used a new undisclosed vulnerability in the company’s Internet Information Services (IIS) 6.0 Web server. Such an unpatched bug is called a 0day in security industry parlance.

Microsoft dismissed these rumors on Monday, saying that the hack was due to a misconfigured Web server.

“We’re not aware of any 0day in IIS in circulation,” said Stephen Toulouse, security program manager with Microsoft’s security response center. “If we were, we would be providing guidance on it.”

Microsoft’s public relations agency confirmed, however, that the Microsoft.fr Web site had been hit by a “criminal” attack. “Microsoft’s initial investigation points to a mis-configuration of a web server at a third party hosting facility as the most likely cause of the compromise,” the company said in a statement.

The hack comes at an unfortunate time for Microsoft. Not only has the company been promoting the security features of its upcoming Vista operating system, it is also in the process of developing a new line of security software, called Forefront.

Because Microsoft has paid so much attention to security of late, it is unusual to hear of such hacks, said Rich Miller, an analyst with Internet research company Netcraft Ltd. “People are noting it because it’s a site that’s related to Microsoft,” he said.

The experts.microsoft.fr Web site is hosted by a company called Pictime, based in Lille, France, Miller said. Pictime could not immediately be reached for comment.

Microsoft plans to add further updates on the issue to its Microsoft Security Response Center blog.

More information on the hack can be found here.