Susan Bradley has posted her analysis of how her Windows server was hacked.
This is interesting to me, as Bradley is an expert on server administration and patching; I’m glad she has had the courage to post all these details, thus benefiting the community, rather than pretending the server was down for emergency maintenance or the like.
She thinks it was a security bug in IceWarp Web Mail. This appears to be a PHP application. Although the bug has been fixed, she was running an old version because the new one broke some important features.
The explanation sounds plausible to me. So is it applications rather than operating systems that form the most critical security weaknesses today? Yes, but both are involved. I would be interested to know whether the same bug in a Linux installation of IcwWarp would have been equally easy to escalate to the entire OS.