Windows Server 2008 Shown to Have Security-Design ProblemsBy Ryan Naraine | Posted 2008-03-27 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
Argeniss co-founder Cesar Cerrudo has found serious design weaknesses that could allow a skilled hacker to take complete control of the operating system.
A hacker picking apart the security model of Microsoft's brand new Windows Server 2008 has found serious design weaknesses that render some of the product's new security protections "useless."
Cesar Cerrudo, founder and CEO of Argeniss Information Security, in Parana, Argentina, says the weaknesses could lead to privilege escalation attacks opens the door for a skilled hacker to take complete control of the operating system.
"[We found] from design issues that were not identified by Microsoft engineers during the Security Development Lifecycle (SDL), and allows accounts commonly used by Windows services -- NETWORK SERVICE and LOCAL SERVICE -- to bypass new Windows services protection mechanisms and elevate privileges, Cerrudo explained.
Read the full article at eWEEK.