A new SQL injection attack aimed at Microsoft IIS web servers has hit some 500,000 websites, including the United Nations, UK Government sites and the U.S. Department of Homeland Security. […] However, the vulnerability is the result of poor data handling by the sites’ creators, rather than a specific Microsoft flaw.
In other words, there’s no patch that’s going to fix the issue; the problem is with the developers who failed to follow well-established security practices for handling database input.
Woo, don’t I feel secure now! The Department of Homeland Security can’t even manage to prevent basic network-based attacks on their public websites.