eWeek Discussion

Hacker Pours Cold Water on Windows Server 2008 Security Design
Discussion By: Blog Daemon
03-27-08 @ 1:28 pm EST




Hacker Pours Cold Water on Windows Server 2008 Security Design

Argeniss co-founder Cesar Cerrudo has found serious design weaknesses
that could allow a skilled hacker to take complete control of the
operating system.




  no surprise   
  By: Anonymous Reader
at: 03-27-08 @ 4:22 pm EST
 
 
I'll stick to *nix

 

 
  Re: no surprise   
  By: John
at: 03-29-08 @ 12:30 pm EST
 
 
Press release http://www.argeniss.com/pressrel032408.html seems to be very clear; I don't see FUD there.

 

 
  Re: no surprise   
  By: Anonymous Reader
at: 04-02-08 @ 12:41 pm EST
 
 
On the contrary, it looks like the same nonsense about system accounts with no detail whatsoever!

 

  Re: Hacker Pours Cold Water on Windows Server 2008 Security Design   
  By: Dumb Article
at: 03-27-08 @ 5:39 pm EST
 
 
Ryan this is the dumb ass article I've ever read in my eWeek reading. Before you go to press with your article you should evaluate the worthiness of what you write. Local and Network Services and how it handles user access and security within MS Windows are very well known since Windows 95 and here is some dumb ass Argentina guy and dumb ass Ryan making baseless remarks. This article proves one point though... The article is as dumb as the person who wrote it!

Can't believe that guys like Ryan and Steven Vaughan-Nichols have a platform to post their retarded articles... It only happens in eWeek.... LMAO

 

 
  Re: Hacker Pours Cold Water on Windows Server 2008 Security Design   
  By: Anonymous Reader
at: 03-27-08 @ 7:27 pm EST
 
 
Thanks for your insightful comments on the Windows 2008 server platform.

 

 
  Get a life   
  By: Relevance
at: 03-28-08 @ 11:00 am EST
 
 
Either be specific about what was incorrect, or shut up. Your crass and offensive comments only demonstrate a complete lack of professionalism or objectivity.

 

 
  Total agreement   
  By: Bill Tammen
at: 03-28-08 @ 11:56 am EST
 
 
Dumbest article ever written. Sincerely

 

 
  The word dumb certainly applies to some of you   
  By: Anonymous Reader
at: 03-28-08 @ 12:54 pm EST
 
 
First of all, the concept of a service does not exist in Windows 9X, so you decide who is dumb. Second, for all you security experts who claim that this has been a known issue for a while, notice that he is talking about the local service, not the local system context. Do your research first; they are not the same.

 

 
  Re: Hacker Pours Cold Water on Windows Server 2008 Security Design   
  By: pb
at: 04-04-08 @ 12:14 am EST
 
 
Wow... for all of those on the 'dumb-ass' track, here is an article you can read. Maybe one day you will understand it too.

http://www.eweek.com/c/a/Knowledge-Center/How-to-Increase-the-Memory-Size-of-Your-Server-Computer/

 

  Not a very good article   
  By: Just Me
at: 03-28-08 @ 11:57 am EST
 
 
I think this article was a little lame. This has been a problem with Windows for years. Tell us something we don't know.

Maybe eWeek should have waited till the conference to write an article so that they could be more specific.

 

  Interesting even if truly not new info   
  By: Alastair Gregory
at: 03-28-08 @ 12:11 pm EST
 
 
Speaking for myself, regardless of whether the "discoveries" described are new, this is a useful article.

If the earlier comment by "Dumb Article" is correct and these issues have truly been in play since Windows 95, you've got to wonder who in their right mind would run their apps on Microsoft servers running IIS. And Relevance is bang-on. Grow up, DA.

 

  impossible to determine the veracity of this vuln without details   
  By: alerter
at: 03-29-08 @ 10:24 am EST
 
 
What I don't like about this article is the mere
dropping of bread crumbs of information, large
enough for clever BadGuys to start noodling around
with, in order to re-invent Cerrudo's "wheel,"
between now and HitB, but seriously insufficient,
with regard to assisting sysadmins with equivalent
clues for protecting real-world systems that are
already in production.

I'm not talking about W2k8S, here, I'm talking about
XP, W2k3S, Vista and IIS6&7.

In M$'s conception of account security, non-Admin
accounts that are used to run "services," that perform
functions, that require Administrative system
privileges, have the ability to "impersonate" Admin
for that specific reason. The result is that Admin
privileges are granted, via an impersonation security
token, to specific processes, but not every process,
running in the context of a service running under a
non-Admin account, like NETWORK_SERVICE and/or
LOCAL_SERVICE.

The article refers to "token hijacking" as the vector
for exploiting an above mentioned service in order
to gain LOCAL_SYSTEM privileges.

Does it require local console access or can it be
achieved remotely?

Is this some type of IPC hijack akin to Desktop Shatter? Or is this something entirely new and original?

Is it trivially exploited, or does it require real-world coding skills in the absence of a
pre-rolled Metasploit exploit for Dummies?

I think that these are all reasonable questions to
ask and to expect answers, if not big clues, from
responsible and seasoned industry journalism.

The reported allegations are all plausible, on a
level sufficient to promote worry, if not panic.

So, if the purpose of eWeek Security is to promote
Fear, Uncertainty and Doubt, then, mission
accomplished.

If the point is to provide real-world, White Hat
practitioners with timely and actionable alerts about
what can be done to mitigate live, looming tactical
threats and/or strategic (as in architectural) flaws,
then this article falls far below that bar.

I read no investigation, only regurgitation.

Forgive me, if I want to hold eWeek to a higher
standard of journalism than what eWeek is prepared
to deliver.

 

 
  Re: impossible to determine the veracity of this vuln without details   
  By: Anonymous Reader
at: 03-31-08 @ 5:38 pm EST
 
 
Well stated and thoughtful. Too bad we can't say the same for the original article.

 

  Nice ethics   
  By: Surprised
at: 03-29-08 @ 11:48 am EST
 
 
So he's going to present a "zero day" exploit?

In other words, he's aware of a vulnerability, hasn't told Microsoft and plans to show off an attack tool for which there is no current patch.

Why even listen to someone with such deplorable ethics?

 

 
  Zero Day Exploits   
  By: Anonymous Reader
at: 04-02-08 @ 7:07 pm EST
 
 
The reason why you listen to some unethical person like this is that even if you don't, every script kiddie and dark side hacker out there will be listening to him, and creating any exploits that they can dream up. Also, M$ has often ignored private notification from people like this for months or years. There are known exploits that M$ has carried forward from version to version of Windows, so why are the guys who find and distribute this information considered the black hats here? What they are doing is forcing M$ to respond more quickly, or admit that they cannot, which is absurd, considering their available resources. Now, maybe, if M$ would hire some of these so-called black hats, they would have fewer of these problems to deal with. Maybe, if M$ were a bit more transparent with these problems, providing workarounds ASAP, there would be less impact. After all, it is M$'s OS, and their responsibility to make it secure. If it can be broken, then M$ has failed. No company is perfect, but M$ could be a whole lot more responsive.

 

 
  Re: Zero Day Exploits   
  By: My 2 cents
at: 04-08-08 @ 3:22 pm EST
 
 
M$ might hire these guys to beat down their code but they would never survive in the structured design and coding world where their skills would actually be needed. These guys are the antithesis of a software engineer. Undisciplined, they would not fit into a normal development organization. These are the type of people that only thrive in a free-for-all R&D lab type environment where they are not required to do anything but hobby-shop and are not held to any standards. If M$ could channel their hobby-shopped output and properly productize their design then they might have something...otherwise we will continue to end up with the same old mess.

 

  Re: Hacker Pours Cold Water on Windows Server 2008 Security Design   
  By: Anonymous Reader
at: 04-01-08 @ 1:49 pm EST
 
 
And Microsoft wants to compete with VMware using this platform. I understand that VMware has issues of its own but this is all that VMware does, Microsoft has too many irons in the fire. And anyone who wants to be loyal to MS then so be it.... Just remember to update your resume frequently!

 

  Credibility   
  By: Anonymous
at: 04-02-08 @ 1:11 pm EST
 
 
Look, the author does not have the education to spell simple words correctly, or the skill to use a spell-checker. Have pity, he is doing the best he can with what he has.

 

  Wow so much to respond to   
  By: Anonymous Reader
at: 04-02-08 @ 2:00 pm EST
 
 
First Alastair and Dumb Article, Win 95 was DOS based and used an entirely different kernel than the NT/XP/etc. I'm guessing this is something different. Since you know about as much as I do, and Cesar doesn't mention older OS's why would you assume it's the same?

Alerter, yes this information would be helpful. Did Ryan discover the exploit? No. Did Cesar give Ryan the information about the exploit, or did he say he was going to release it at the Hack in the Box conference? If "bad guys" can use this information to "start noodling around with" so can "good guys". As Cesar seems to be one of the "good guys" maybe there is a reason he isn't releasing it until the conference. It never says he hasn't contacted Microsoft about it, that would have been a good question to ask.

As for the rest of it, Ryan is a journalist, perhaps you think he should fly to Argentina and torture the information out of Cesar? He reported the information he had as well as when/where more information would be released. So I don't think you're talking about a higher standard of journalism. Journalists report what they know. You're assuming he's not going to do a follow up story when more information is available, and you're implying that no information is better than some. So I have to disagree with you there.

Surprised, zero-day does not mean that Microsoft has not been made aware of the situation. It means that there currently isn't a patch available. He hasn't written an attack tool, he found a design issue. Hack in the Box is a security conference, so how exactly are his ethics deplorable? If Windows was open source, I'm sure someone would be working on a patch by now. Rather than face an IP lawsuit for releasing a patch, the best he can do is report what he's found.

The majority of the comments so far have been, "Shoot the messenger"

 

 
  Re: Wow so much to respond to   
  By: Anonymous Reader
at: 04-04-08 @ 10:58 am EST
 
 
Microsoft has hired a bunch of whitehats at various times including the people from the LSD group, and they consult with companies like n.runs and IOActive. So they have clearly tapped the talent pool of skilled security researchers.

Some of the ppl leaving comments here strike me as arrogant, ever ready to slam someone else and try to prove how much they know. Easy to be a d*ck when things are anonymous.

 