The purpose of Security Advisory 954462 is to assist Web site administrators in identifying possible issues with their Web application code being susceptible to possible SQL injection attacks and to provide a stopgap solution to mitigate SQL injection attacks against the server while the applications are being fixed.
Web site owners and administrators are encouraged to review Microsoft Security Advisory 954462 for an overview of the issue, details on affected components, mitigating factors, suggested actions, frequently asked questions (FAQ) and links to additional resources.
- Microsoft Security Advisory 954462 – Rise in SQL Injection Attacks Exploiting Unverified User
- MSRC Blog: SQL Injection Attacks Exploiting Unverified User Data Input
- SQL Server Injection Protection
- Preventing SQL Injections in ASP
- Coding Techniques for protecting against SQL Injection
- Filtering SQL Injection from Classic ASP
- How To: Protect from SQL Injection in ASP.NET
- Security Vulnerability Research & Defense Blog on SQL Injection Attack