|
|
|
Hacker Pours Cold Water on Windows Server 2008 Security Design
By: Ryan Naraine
2008-03-27
Article Rating:  / 58
There are 20 user comments on this Network Security & Hardware story.
Argeniss founder Cesar Cerrudo has found serious design weaknesses that could allow a skilled hacker to take complete control of the operating system.
A hacker picking apart the security model of Microsoft's brand new Windows Server 2008 has found serious design weaknesses that render some of the product's new security protections "useless."
Cesar Cerrudo, founder and Chief Executive Officer of Argeniss Information Security, in Parana, Argentina, says the weaknesses could lead to privilege escalation attacks opens the door for a skilled hacker to take complete control of the operating system.
"[We found] from design issues that were not identified by Microsoft engineers during the Security Development Lifecycle, and allows accounts commonly used by Windows servicesNETWORK SERVICE and LOCAL SERVICEto bypass new Windows services protection mechanisms and elevate privileges, Cerrudo said.
He said the discovery also affects Internet Information Services 7 in the default configuration, allowing ASP.NET applications to "completely compromise" operating system security.
Cerrudo, a security researcher who is highly regarded for his work on database security, said the problem also afects Windows Vista, Windows XP and Windows 2003.
"On Windows XP and Windows 2003 the problem is especially severe since any Windows service, even when running under a low privileged account, can potentially break through the security protections and fully compromise the operating system. This includes all web applications deployed on Internet Information Services 6," he added.
Cerrudo declined to provide technical details of the attack scenarios. He plans to discuss the issue at the upcoming Hack in the Box Conference in Dubai, United Arab Emirates.
In that talk, entitled Token Kidnapping, Cerrudo said he will explain how it is possible in Windows XP and 2003 to elevate privileges to LOCAL SYSTEM from any process that has impersonation rights.
Vulnerable, but Still an Improvement
In Windows Vista and Windows 2008, he plans to show how to elevate privileges to LOCAL SYSTEM from processes running under NETWORK SERVICE and LOCAL SERVICE accounts.
At the Hack in the Box conference, Cerrudo said he will demonstrate zero-day code for elevating privileges in SQL Server and Microsoft's Internet Information Services.
Even as he set out to pour cold water on the design weaknesses, Cerrudo said his audit found that Windows Server 2008 was "generally more secure than previous versions."
Microsoft has touted Windows Server 2008 as its "most secure server" to date, featuring architectural and defense-in-depth protections similar to those fitted into Windows Vista.
The operating system has been hardened to help protect against failure and several new technologies help prevent unauthorized connections to networks, servers, data, and user accounts.
It comes with NAP (Network Access Protection) to handle health checks; enhancements to make Active Directory services a unified and integrated IDA (Identity and Access) solution; and (RODC) Read-Only Domain Controller and BitLocker Drive Encryption to allow users to securely deploy Active Directory databases.
| | Reader Comments: Hacker Pours Cold Water on Windows Server 2008 Security Design | | >>> Post your comment now!
| | A user comment on this articleM$ might hire these guys to beat down their code but they would never survive in the structured design and coding world where their skills would... Posted At: 04-08-08
By: My 2 cents | | | | | | A user comment on this articlemicrosoft has hired a bunch of whitehats at various times including the people from the LSD group, and they consult with companies like n.runs and... Posted At: 04-04-08
By: Anonymous | | | | | | A user comment on this articleWow... for all of those on the 'dumb-ass' track, here is an article you can read. Maybe one day you will understand it... Posted At: 04-04-08
By: pb | | | | | | Zero Day ExploitsThe reason why you listen to some unethical person like this is that even if you don't, every script kiddie and dark side hacker out there will be... Posted At: 04-02-08
By: Anonymous | | | | | | Wow so much to respond toFirst Alastair and Dumb Article, Win 95 was DOS based and used an entirely different kernel than the NT/XP/etc. I'm guessing this is something... Posted At: 04-02-08
By: Anonymous | | | | | | CredibilityLook, the author does not have the education to spell simple words correctly, or the skill to use a spell-checker. Have pity, he is doing the best he... Posted At: 04-02-08
By: Anonymous | | | | | | A user comment on this articleOn the contrary, it looks like the same nonsense about system acounts with no detail whatsoever! Posted At: 04-02-08
By: Anonymous | | | | | | >>> Post your comment now! | | | | | |
|
 |
|
|
�������xr8(�ViW1E]RleMٖR:��EB��!)/w^9q_>�M�-yvW.["�2H$���Iȩ3&g9)ٝGo,z�Ijû@�Be�zNULsJ�Զn�L7n[c3�P/�?`���᳙(,�Q � tjGt0]2x�Ե;k:&gwek/cߨ�[�`&`1Z�lR!�j
�9i�?i='@I�Rb(�Ѻ�}(D�ߵ-m:
\'|+�*C7�ܩx8ս/DeO�^b&{�By4��5��;^7�w2`q�|&�k`Tl~�m�ڮ�U�X'�[vkx!�BP�#"F�\ςgwM�դqؓ�IuhlUD`iRi13
LmC1kk�Rը>lYG|ݑ|Y#Xo:Q� ��æ�&q#!_TB�p` F�R�Bm
Olˇ�;)A'�ס"
G�m_j|��uzs's~3 r�d�HU
&� �] p==\'DL<:/yӝÌfؖqwh �J5(�J\S�x6k9{ۖ3p*sgyÝ6NiR;wN.r$�(֝kp
mKIu]+h5�e=;yظ} �d}#5��UJ�`Z.�
�$�_����::_B^�,9hr�
Ce)#p?�݃I��hJq�䰉kذ�1�"%��hJqO{�e��$�}ВEtBAͨ0
.)J�!"xF3E�!\J��!=!
g�|��8Jn.b?
[˚&�ᇰfeٜ҅%]WaNLoQ#L
.�uƍv"yڽ^C�8^%g�5F8�,h�eݴ%!�8WG5MGRŦcWJPX=(JMU�~�_p�-~~b2B��c�gLt `: 0h��vz�>RӚOCq�OCGs�>H2胎6ml8�-Ɖ�"�
,70}HOQI�4WX(=�c�O6%_�¤><�)gV��=H:}mP`��5$ǎC-ߟ�L
�s#08w
ɍ�5�y0f+wEPb�L{��TM}��PC�n@�}S(�r`@YS9�ݲeǀxԜ�л�u�%w2J}g�n.G))(ߓ�]HPw9�J�
B�!\��0H�=`PR1i�Jl�Ri Sw�RTD;7 KŔ=*%�nqR%a 934YIjL=?�j1!U�G�,D`v9J,L��.�[
O�6�je[+�R,4�T(9
�N+ZIQ���Q#�U^?)p[�L9<�p��`�*�1 7R�'��~Xz�/��,Â�IșuS)=L["z
[�q3�7o�j�7ab##Ylwe��ٜi8S�A�0>A̞P��,j\p�>r|>�I8�%o5+=;dp3 �yW*�ܼ?
b>Ȝ 8C��_gM������Y�!�Q OzBnehJJ*$,4�)pd�j�K�ݼ^`�";hqNNRНB#@9z�QkڞYWo%<4~k�m�H_ƠT�.
B[+�� M
�2%W��}kaԕ %/D�A
n:bX�G6�X�iМ^fdTR4&�tz:�{j,j&M�?&�TYOӟ@�xz#�oՒh�Mb1v�g%�A qsG�IjJirib>��MKϵ("{j�ln��6��8{y4!%6$;~L�'V
�x�ZU�S=#�kQb恊7�_E30k�%�lD~ȁUraә;�Ңw^^Sv?~Fl2�_ۄ��歰C`V~`N�g43aJ�Y6 }˾_G�>t�ZB_`֚�?̆RPIڏ9&�_G5�k�^��ˣ6Wȵm62躢{�Ʊ4g3t%rf9�h��)&
zqDe�,Za秺�
#�ؚyywPz?19�r]ilu�0q`(1Z3:uV*[O�;$!WT7m�Lqb
֚p성 �.c"}=��0"t�n�_8R" @548��
y�} *��jq�1�
b
(h
bAzpSE��ϯabIta1�:C�5�z_{=2dB4�]e�n�sn.y >{�V�N0aE�>yL��Z<|�˰"U`
}JZYPIb+�ģCY��V� W�MU���p`{��y�~�t=G�hCx�Z
&�`�i@%��p�LM{jJwg
`�Z7~cIgV`]br[�|8.coJ@?�(1[Z qLzWO!SB�9�^%L��ɹ%w��A֮N�ZPn2i`$�ez;S�xY3'Gu�"�M."�́08h#2"n{=!��an�$��0�뇭N�:@"��c�].�2|Y{ޘ#i
�}KU�Ք1�Ze�ɢ7)Ь6�V�#�iB/ex.N3 a;6}b;?/��i�)T�EXqkX��=O
f+(U|`�y5�&Q�rIu�E
l&ŏh(UrvݏC>Q�kQ��ud*�+ZR�^=*�9
ZlmM�
��l⊗qoZCs�τkox~�E�652j=kR�`J$�¸�_v^�Iў@>�b2�at53yp0͎�s�-$َ�Vum4uH�"5{Hq-�$˴��I>N�����0atA�*¾�G�.CGTTFog�GD�0|����^%u͇RiE�mT)�~ܑNY 8zA�bzQ�=Y�r�v�jT
�rF2�R@BZNb.x<'߾�b[D �'T'.n\'+cI`���E�q��8x�
26/ȟ�-�1{ݳO{;=H�_BQ`n�о(&wmOI�@��NEw%]�WVd�4�}=Kͳ}�u?�y{`o&o=)sǣA��3g伅)ћݳ^QW�{20�}~vkW};
?--8t�ǠC�R�I1&�$Z^VP**sᔤvSǔW>��@X�d1җ30d&'a=K��=#tzoo=إ�֛%��X6�ȳ�tj9�N7Ce�/mJY)(59Bx:tda�~vC+:BLm
�wbiMA`'K.#�y�&J��.#N,�7=F1+�Av9�:)6zb:{'Cq�$ܮe�0X2�JR�Ec�餣Eكҷq��-DVC�tu�tge�{+�b! &0c.��3�pe��y~_L�v�q�Gl+�4vX;mƂ6�n$�~�g&!xXyB�%W�ޮ8l��D(�<0ߦLb8=>\j�v,O&�"!>2cSrbwXhE5�xx<>˱Fv��}Y��,�Ǚ��Y��F:I�qVJV�O�7l,: �q��͛�9H�yfQ
g>�7S/xZ�_<ݩ�Rj/(Ab-F�-g2~*Ŷ�Rd�
O�p=,a�u��#.̳�y�7pw*&-ODRXrR�9ཀྵ�*
0�r+
8��O|"(� a���QPAPZn5%Sn_�=Ӥwe]��xpR
Vy<�3!H.;�ԟX5N9͡;�WP��t�ώJ����E)T��q�AI�0$!H"@?�bgGHolV�VTURrX8yl�ǹ�>96;|)qNS}���Ij6`rH"G�кV)6=k?�
]�};��W/H%�}��Oz%9R{�\GjÄK/�g`TxH7C��AXJU���WɎ EH-0ol^��d[z.��f=ҽ!&B�L8{ҧ�*�H
h9�S�,S:l*qTԢL.�m��F0 �F�kdV�"<ǯ^r1S>����\ؔȑq~�Y|s!]Et�[%��z�
0�ȝ�p�!�N$�Ϋ`GR ⷭ�nlU}u*i�ϭg /T| w=kHc[X�|%c{ڷea2^@l^v$vwH*7��l�NXKڑ�
�<+uU-�M|XJm��-��gr�҄�w ����Jॉ�j<�ĆYxnqi_I]`L"�RX_Pz"a�,=y{��µ-"�kb�y�@�-��#Z Q�~Wf�L瀲!'��-GD+�G1�<|a.}18fٖ ŝ<]s
{m�IB|�N��O�1�Ri�i<
�/�q�%LăU9'l^:復Qݼ�D~|XmWVa}~Z��f�l��A;6CD; $jp/r=���kC>}6�mz#w�|�4l�"ݟ{@ϓ;b�:}eڦY;bTl�h��C��ײ$xn"y<]�~uC���JzCQ6\)HD��y�O#K|ոF�E�/� <�I�zֻv[cp3R0/~�5
:�I1�=====`j�UL�>J DZ�ڻ0lˤ~0��a�! +#O~�O#Eӽ�mjkuvXB=�#Iݜ+�Ȓ#�x4)qè7~[#�_X{�z)vQEe>;ꋕ9-�V��ͰllT[gO-g~]�ϵ�:&҄<�j
aՌָhfX_=&C=s10x:s=h<�iQ�=']*٢PH�%�
>�ʫSۑ )�ئv:4Z�pF�3/tAݙM%XDǦgZ��ǐ��;�שշE1½�i��<�3�_ZD
��B�$f$� :%�#7ŵi͵^0N +KA�\cgK�Ǎ_4�ss<�\Ν7?t%"|mRM
Q\kv�mYoڄ^fjDRso�Z���ߤ�Lłm_m�au2^�%/zl��ȪhֲF�7t)u۬Rǎ2ײwbp,M˺�[{c�~�P2oH3@84kI/N�$8�&w�QqD3')o��s$�Xz�O"O,�K`jqsפ{�|:(O 87eQ|5Ҟ_FC6�W-N��f/*`5m{;�hOW��>#.b1DKb���@/�j�s8]Y(��OuX[q9Cָol`��tq"o��,k{ʞVS�,�U�Y+
Zy| [D~��pSo]x?��*nMǝ@ =�oe~��FVVrc[~t�^rUQe~;hP8K[nKpf{$&��M|Xp3�CvP
r�aa���B6��?DW�}�ѽjDp@�vZr@Ym�Ӷ|�51v%1h}PR�
#�%1�{-c8 ggs8RG�5Śx
�K1B�r59"@�� �Rxc�)�+h���x���B,py�}A���KfR��כ�aаES,�YK11\R+{RSWK.}KBG�2�KN+ߥt��W�
L i��/"�r\IoA�$ΨP�h%o UP+$40I0�h1�gi`>)fF<�@��Lຶ`;�b�=�Vںμq� yK-y�-�J4s�50:7�ںsʓ��ԘTh
�p�K9��cَz� | cg?tk �6٦KMµs�Aʥ�8IVQ��D#�&R 'U"cMJ�~bGl�UMhբ
\��S�0��,TOಈ�uζü�cS�b;Q̳^Rc"W�c,}:;hҢS�F;6CWѵ6ATJ{9�iJ-h>#Թ;��2{o�V0��$wA>po<|SPʕ=U+%=hpa�ـ�jcE~�:��tdp�6ɍ2MFd.$���q�x5�Dž
X�RW7�˽�}�D['鍀��I��+62s��X>����B�p�7�CsJWv߾졇U C�yޝ ��u�it�{>8�~�9$�.+Ja S����xWt'ly.cls�A^�!��M�
l
� \Z��s4�pLF}Ԕ�DRw3O0�ឩSH֙TdL4B&(qTi+$<|�tv�n�O�KZ�&{6@@P0H��7~bmDRPiF�c�tkXaٌbN��S`Yy�\01Fiŷ^(�l�;b21#|>Oc�&yT
H"跔 �]*�@���`'*�����!�g"{)%n67+:��s��Ni0q�>�"(S[��]ă0Lo�ѧ~;]_fu:�b&é�`�\�u
l9�:W�eO�g�>{0u�s�2sc��RC´vx X-><& .ycI�� 8�^yN4X+M7,X�e2KJ'(��
�@Ka1c�~PoVR$4
>�(�>g�ٕa)豪�o7y~4fY3{�8~BO�z%r�uW0`A='i92bg4t\K
�{$͈ɵ?ѝ�XF�9^&9lIasta{'�}��\MGݪ;֗ŗys�xx(�Sd&�R<�e�jY)sC9lꌹ6�W#\frxixɎ>+ah,.6�(O��E_VC�ĨҋSi0/L"�7[veS+�t_�?gg:^Y3r�ZOmj�6~��e�s�N�M�o���
)n}>y;�MjV}Qy
xQ�?f�e_B&pj3�r�Р(?@�|OPi}I'8/rN+��g:�NF?r/Pe})?̀�],c|���Y�|Y�}π>g�9�2?�<3ϳ�D�=3(?@?2Ϡ,�g�9~WP~U�{WUFWW�$)c�f5/pvJEsQ^5�3T�}~�)�P�5(ge�3�Vڍn�a�{Ar!g�e_/C@/q�sqm%�R+��]Q%>=-{�[I�2n@Kȣ�_xi� �+{O�2��r hxVyd�b�
bye?VP�w;]�SҤ�]�j.�{%])r-Xѧ�Z}5_9��p=*
t�=}}:�a(c#h�3.Ñp_=2\�z[�G$Q�=�PW].�6pqSn$/ 5`
3}�E��xvY^]Y��j�7�m!O^9y}³2A�:�*+6�:�5,Q3[� LjC?�s
Hw?t��{�zY)W8#A}�^�ytpf�^`l>h�}k:KdB�gpX`$�fZ���gnFq`�F]R[t�=WCtz�=s�qgc�us`��In6�J墦�
V˕R;qG;D"ð���{($]dU*�.�ZX��,.g
�/(�@#غ7M{%}C7<8fȳRLq�
u+k�%���aW߷k�z> Oa0|]P���[l,��)1 {��;sh6-*s`^c?94�#R�>}T.W�Y`�_GFb��#+&�*�Up&�a8Yzt]&w'�~Â霰�)#,|Hn炱Lt6q�>�s�o�kq,�"m,�?h�PxU�EG0P$=Cf�Kǣ�_{ƠC)�e h
km"�tZзkdY9Hr&z�U h$Ο6=j"6��:
gCJ�Ң7vgc{[/AI)�H[aʹD6vK�VAgL3SY,�> V_d�v�O~-�B+O��8>eC�gI2T~{J=*P�=fZP:]�v"0%Yz'ϒޒ{ƾ(� ;Cಁe":}`c
�so#'Tt�r!���,N-Gw��U|ٲsg9ebV)qme�F�ӧ-[$@�5E`1v4aehDSL/Tvy*S*>�% �/��-i�ë%:Ɛ�9-���)0�p,\f�tK=m<�`
G*ʖ$_)0t>?�Fu:h�/�A.�Sl�
6-����`⎈Me�6eZDR�*,Dl'f
,����~sf㿵�(@P�W�9���Bu�z��Ϸ����<
v;�͇OV�e؋$|�
_�[0~�Y��+m˕bA,\�n2?>Ş�i#|��@ =(ۊnfTt
�%`GY�U`�r��8ǩk[Vmx����}�u+e!.��1�:�˟]�lہR#nș-`�jk�7EmEtAA@�`�V\3zf7Z�3~Y=!�׆!�a+cPOYjcL1GfYz����L�5�2lt*�
X>!ˣŬ"D0Ȯ��'Z:tsh;h�sTJX6�c?t�f��ŗ�@˽]�Vg*a7<#�/ah(�`y��ja&"e��})IDy�)/ρ/Q>q*g\��$gꎾ�V�;~v��?;u~k a�%
ѨT\��_;�N+�,�mݸ楇ͣ�.[RXFYhI:V;
AHc.VC"^ֳo�
6A|>ǐy6��x�L�
2V*w�V㛼VtƦ�I:1qzRSFs0v&b(16lS24K�_hj�Jl�xTʉY+z[q;�f[hh
/b�;f�1Բ�δu�-��
|
Network Security & Hardware 
