Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 

K. Brian Kelley - Databases, Infrastructure, and Security

IT Security, MySQL, Perl, SQL Server, and Windows technologies.

Vulnerability announcements coming for Windows products

I'm a little late on this one, but Cesar Cerrudo has announced he's going to demonstrate exploits to Windows Server 2008, IIS 7.0, and SQL Server at the Hack in the Box conference in Dubai:

Windows Server 2008, Still not totally secure 

The Windows Server 2008 exploits appear to be privilege escalation attacks. With IIS 7.0 it looks like an attack on ASP.NET, based on what was posted. He didn't get specific on SQL Server other than to say that it, too, was a privilege escalation attack as well. The Windows Server 2008 vulnerabilities are worrisome because the attacks use the lower privileged accounts to escalate to SYSTEM. This should prove to be an interesting month.

 

Comments

No comments.

Leave a Comment

Please register or log in to leave a comment.