Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

IIS Vulnerability Documented by Microsoft - Includes Workarounds

Published: 2008-04-18
Last Updated: 2008-04-19 22:25:00 UTC
by John Bambenek (Version: 1)
0 comment(s)

Microsoft has just put out an advisory for a privilege escalation vulnerability in Windows that affects IIS and potential SQL server (951306). Basically, authenticated users can use this vulnerability to become LocalSystem. This is probably more of a problem for shared hosting environments were clients could upload malicious code to the webserver and run the exploit to gain additional rights. SQL is less of a problem because permissions have to be explicitly given to allow a SQL user to run code.

The advisory contains workarounds for IIS 6 and 7 that is claimed to blunt this vulnerability.  The only negative impact of those workarounds is to add some extra work when adding users but does block the vector of attack.

There is a public report of this, but apparently no exploits yet.  More when we get additional information, but refer to MSFT's advisory with details on how to workaround.

Update

Cesar's paper has been released and you can see it here

--
John Bambenek / bambenek {at} gmail [dot] com
Neither ran, nor sleet, nor earthquakes shaking my office will stop the ISC

Keywords: iis microsoft
0 comment(s)
Diary Archives