Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: IIS Vulnerability Documented by Microsoft - Includes Workarounds - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
IIS Vulnerability Documented by Microsoft - Includes Workarounds

Microsoft has just put out an advisory for a privilege escalation vulnerability in Windows that affects IIS and potential SQL server (951306). Basically, authenticated users can use this vulnerability to become LocalSystem. This is probably more of a problem for shared hosting environments were clients could upload malicious code to the webserver and run the exploit to gain additional rights. SQL is less of a problem because permissions have to be explicitly given to allow a SQL user to run code.

The advisory contains workarounds for IIS 6 and 7 that is claimed to blunt this vulnerability.  The only negative impact of those workarounds is to add some extra work when adding users but does block the vector of attack.

There is a public report of this, but apparently no exploits yet.  More when we get additional information, but refer to MSFT's advisory with details on how to workaround.


Cesar's paper has been released and you can see it here

John Bambenek / bambenek {at} gmail [dot] com
Neither ran, nor sleet, nor earthquakes shaking my office will stop the ISC


262 Posts
ISC Handler
Apr 18th 2008

Sign Up for Free or Log In to start participating in the conversation!