0 Replies Latest reply on Apr 21, 2008 2:49 PM by HarryWaldron

    Microsoft IIS Vulnerability - Security Advisory 951306 (corporate security)

      Microsoft IIS Vulnerability - Security Advisory 951306

      The latest versions of the Internet Information Services (IIS) facilities have enjoyed an excellent track record in the area security. Recently, a new vulnerability was discovered that could allow user privileges to the manipulated and escalated in an unauthorized manner.

      Additional resources are noted below, including a highly technical overview on Token Kidnapping. Thankfully, the details related to this exposure have been confidentially shared with Microsoft in a responsible manner. Currently, there are no known exploits related to this vulnerability circulating in the wild.

      Microsoft Security Advisory (951306)
      Vulnerability in Windows Could Allow Elevation of Privilege

      http://www.microsoft.com/technet/security/advisory/951306.mspx

      QUOTE: Microsoft is investigating new public reports of a vulnerability which could allow elevation of privilege from authenticated user to LocalSystem, affecting Windows XP Professional Service Pack 2 and all supported versions and editions of Windows Server 2003, Windows Vista, and Windows Server 2008. Customers who allow user-provided code to run in an authenticated context, such as within Internet Information Services (IIS) and SQL Server, should review this advisory. Hosting providers may be at increased risk from this elevation of privilege vulnerability.

      Currently, Microsoft is not aware of any attacks attempting to exploit the potential vulnerability. Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through a service pack, our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

      IIS Vulnerability Documented by Microsoft - Includes Workarounds
      http://isc.sans.org/diary.html?storyid=4306

      Token Kidnapping and Impersonation - by Cesar Argeniss
      http://www.argeniss.com/research/TokenKidnapping.pdf