David Litchfield has put out a brief (as
he says it, "It's called a brief because there's enough meat to make it
interesting but not enough to make it a paper 😉 ) on why no one should
log onto a database server (or any server hosting network based
services which use Windows authentication) with administrative rights.
I understand the gist of how the situation can be exploited. However,
from a practicality perspective, this is a problem. I suppose a work
around is to log on as a power user, stop the service, then log on as
an administrator, although if an exploit can get placed on the server,
even this isn't altogether safe. This makes doing things like applying
security patches and the like problematic given that many of the
automated tools do so using a Windows-based login to push a package
down upon the system (Microsoft's WSUS being an exception).
You can find the brief here: http://www.databasesecurity.com/dbsec/db-sec-tokens.pdf
