Last Updated: 2006-06-19 16:55:48 UTC
by Johannes Ullrich (Version: 2)
Update: All feedback we received so far points to the microsoft.fr being an isolated issue.
Microsoft confirmed that this does not appear to be a 0-day exploit. The defaced website was outsourced and not under direct Microsoft control. No other Microsoft website was hit.
Some persistant rumors talk about a possible new exploit (0-day?) against IIS 6.0. The defacement of experts.microsoft.fr is used as evidence. At this point, we have nothing to support that claim. If you have any additional evidence, please let us know . An image of the alledged defacement can be found at flikr: http://www.flickr.com/photos/affandesign/169734004/in/photostream/. Also see http://www.zone-h.org/content/view/4767/31/ for a mirror of the defacement.