Dan discovered that code for the public facing web sites of a global retailer and hospital, among others, were able to be viewed and modified due to a vulnerability in server software from Microsoft. After initial skepticism of an open attack vector, Dan demonstrated ability to change files without any credentials and subsequently instructed their in-house IT personnel on how to patch.