A recent escalation in attacks on Web sites exploits unverified user data input. Microsoft Security Advisory (954462): Rise in SQL Injection Attacks Exploiting Unverified User Data provides advice and tools to protect against a rise in SQL injection attacks. The attacks target Web sites that do not follow secure coding practices for accessing and manipulating data stored in a relational database.

But the vulnerability is not exploited in Web applications that follow best practices to verify user data. The Security Advisory provides phone support for customers in the United States and Canada who may have been affected by the vulnerability. International customers are provided a link where you can get help locally.

The Security Advisory provides an overview of the issues, a section for frequently asked questions and a series of suggestion actions that includes tools to help identify if your site is vulnerable. You can check your site whether or not you have source code. Tools help you with both ASP and ASP.NET sites.