Printed 2017/08/24 03:09AM

New Article: Exploiting SQL Server via CONTROL SERVER permissions


I have a new article up at, covering what someone can do with CONTROL SERVER. Most folks know to look for changes in the sysadmin role, and knowing this, if I want to cover my tracks I don't want to give a login that membership. However, a lot of folks don't look for CONTROL SERVER permissions and this is a mistake. This article shows the exploit that someone with CONTROL SERVER (or being a member of the securityadmin role) can use to escalate privileges on the server.

Potential Security Exploit Using CONTROL SERVER permissions in SQL Server


Copyright © 2002-2017 Redgate. All Rights Reserved. Privacy Policy. Terms of Use. Report Abuse.