I'm a little late on this one, but Cesar Cerrudo has announced he's going to demonstrate exploits to Windows Server 2008, IIS 7.0, and SQL Server at the Hack in the Box conference in Dubai:
The Windows Server 2008 exploits appear to be privilege escalation attacks. With IIS 7.0 it looks like an attack on ASP.NET, based on what was posted. He didn't get specific on SQL Server other than to say that it, too, was a privilege escalation attack as well. The Windows Server 2008 vulnerabilities are worrisome because the attacks use the lower privileged accounts to escalate to SYSTEM. This should prove to be an interesting month.
