Microsoft was hacked: the QAZ trojan story
Long-form thinking on cyber defence, detection, and resilience — from Slackware-era honeypots through to AI-driven SOC analytics.
Showing posts tagged microsoft — 4 results.
Microsoft has confirmed that its internal network was compromised, with attackers having access for several weeks. The vector was a trojan called QAZ. The implications go well beyond the specific incident.
A week on from MS00-078. The exploitation pattern played out as expected. Time to step back and think about what this category of vulnerability tells us, and what I expect over the next year.
Today Microsoft published MS00-078, a directory-traversal vulnerability in IIS exploited via Unicode-encoded URL characters. The bug is exactly the structural pattern I wrote about last year. The exploitation is going to be widespread.
Microsoft's IIS web server has been the source of three serious advisories in the last two months. Every one is exploitable against installations using default settings. The pattern is becoming structural and the cost is paid by everyone, not just IIS operators.