Segundo estas duas notícias que acabo de ler (Hacker Bags Windows Server 2008 Trophy; Hacker Pours Cold Water on Windows Server 2008 Security Design), os recentemente chegados novos bens da coroa m$, estarão com graves problemas de segurança.
Mas segundo o mesmo investigador, "Cesar Cerrudo, founder and Chief Executive Officer of Argeniss Information Security, in Parana, Argentina,", o m$-window$ XP e Vi$ta sofrem do mesmo problema.
Parece que o IIS 7 na sua configuração por omissão pode ser completamente comprometido usando aplicações ASP.Net.
Microsoft Watch - Security - Hacker Bags Windows Server 2008 Trophy
Hacker Pours Cold Water on Windows Server 2008 Security Design
Mas segundo o mesmo investigador, "Cesar Cerrudo, founder and Chief Executive Officer of Argeniss Information Security, in Parana, Argentina,", o m$-window$ XP e Vi$ta sofrem do mesmo problema.
Parece que o IIS 7 na sua configuração por omissão pode ser completamente comprometido usando aplicações ASP.Net.
Microsoft Watch - Security - Hacker Bags Windows Server 2008 Trophy
Exploit details are sketchy, but not the source: Argeniss co-founder Cesar Cerrudo.
Apparently, Cerrudo plans to share more information about the security flaws during April's Hack in the Box Security Conference. That will give Microsoft some time to research the problem before Cerrudo tells all. He plans to demonstrate zero-day exploits for elevating privileges in IIS, SQL Server and Windows Server 2008.
Hacker Pours Cold Water on Windows Server 2008 Security Design
"On Windows XP and Windows 2003 the problem is especially severe since any Windows service, even when running under a low privileged account, can potentially break through the security protections and fully compromise the operating system. This includes all web applications deployed on Internet Information Services 6," he added.
No comments:
Post a Comment