Thursday, April 17, 2008 4:59 PM
Potential Critical Security issue in Windows Server 2003/2008 - IIS may be a vector for compromise
As some of you may be aware, Cesar Cerrudo of Argeniss presented a session at the just-completed Hack in a Box conference where exploit code was demonstrated that allows certain code running with restricted privileges (e.g. Network Service) to gain high privileges (e.g. LocalSystem). The exploit appears to rely on the fact that certain other processes running as Network Service have SeImpersonatePrivilege, and the malicious code can use this to gain additional privileges on the system.
Microsoft has released an advisory on this potential vulnerability, and if you are running IIS 6 or IIS 7, you are urged to examine the potential implications and workarounds posted.
Edit: 19/04/2008 - the slides from Cesar's presentation have been posted on the Argeniss website.
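To see which accounts on a server are granted SeImpersonatePrivilege, the privilege the exploit described above depends on, the exported security policy can be audited. This is an added example, not code from the original post or from the Microsoft advisory. It assumes the `[Privilege Rights]` text layout written by `secedit /export /cfg`; the sample policy and the `WEB01\AppPoolSvc` account are constructed.

```python
import re

# Well-known SIDs that commonly appear in the SeImpersonatePrivilege assignment.
WELL_KNOWN = {
    "S-1-5-6": "SERVICE",
    "S-1-5-19": "Local Service",
    "S-1-5-20": "Network Service",
    "S-1-5-32-544": "Administrators",
}
# Restricted service identities to flag for review. The post names Network
# Service; including Local Service is an assumption of this example.
LOW_PRIV_SERVICE = {"S-1-5-19", "S-1-5-20"}

# Constructed sample in the layout of a `secedit /export /cfg` file.
SAMPLE_POLICY = """\
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
SeImpersonatePrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-6,WEB01\\AppPoolSvc
SeDebugPrivilege = *S-1-5-32-544
[Version]
signature="$CHICAGO$"
"""

def privilege_holders(policy_text, privilege):
    """Return the principals assigned `privilege` in an exported policy."""
    section = None
    for raw in policy_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).lower()
            continue
        if section != "privilege rights" or "=" not in line:
            continue
        name, _, value = line.partition("=")
        if name.strip().lower() == privilege.lower():
            return [p.strip().lstrip("*") for p in value.split(",") if p.strip()]
    return []

def audit_impersonate(policy_text):
    """Pair each holder's display name with a flag for restricted service accounts."""
    holders = privilege_holders(policy_text, "SeImpersonatePrivilege")
    return [(WELL_KNOWN.get(p, p), p in LOW_PRIV_SERVICE) for p in holders]

if __name__ == "__main__":
    for label, flagged in audit_impersonate(SAMPLE_POLICY):
        print(("REVIEW " if flagged else "       ") + label)
```

Flagged entries show where code running under a restricted service identity also holds the impersonation privilege; whether that assignment can be changed on a given server depends on the workarounds in the advisory.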