Windows Server 2008 Shown to Have Security-Design Problems

Renew Your Subscription

Security

Windows Server 2008 Shown to Have Security-Design Problems
By Ryan Naraine
2008-03-27

Article Views: 1001
Article Rating:

/ 1

Rate This Article:

Add This Article To:

Digg this

Del.icio.us

Slashdot

Y! My Web

E-mail

Furl

Google

Simpy

Spurl!

PDF Version

Argeniss co-founder Cesar Cerrudo has found serious design weaknesses that could allow a skilled hacker to take complete control of the operating system.

A hacker picking apart the security model of Microsoft's brand new Windows Server 2008 has found serious design weaknesses that render some of the product's new security protections "useless."

Cesar Cerrudo, founder and CEO of Argeniss Information Security, in Parana, Argentina, says the weaknesses could lead to privilege escalation attacks opens the door for a skilled hacker to take complete control of the operating system.

"[We found] from design issues that were not identified by Microsoft engineers during the Security Development Lifecycle (SDL), and allows accounts commonly used by Windows services -- NETWORK SERVICE and LOCAL SERVICE -- to bypass new Windows services protection mechanisms and elevate privileges, Cerrudo explained.

Read the full article at eWEEK.

	Discuss Windows Server 2008 Shown to Have Security-Design Problems

	>>> Be the FIRST to comment on this article!



	>>> More Security Articles >>> More By Ryan Naraine

Email Article To Friend ♦ Print Version Of Article ♦ PDF Version Of Article

FREE ZIFF DAVIS ENTERPRISE ESEMINARS AT ESEMINARSLIVE.COM

Jul 15, 2 p.m. ET
The Dos and Don'ts of Email Encryption with Joel Shore. Sponsored by IronPort

Jul 17, 4 p.m. ET
Workload Automation Solutions Drive Down Complexity and Cost of IT Operations with Aaron Goldberg. Sponsored by BMC

Jul 22, 1 p.m. ET
Strategies for Retention and Deletion of Email/Electronic Information with Michael Vizard. Sponsored by Dell & MessageOne

Jul 23, 2 p.m. ET
Streamlining Proactive Systems Management with IT Automation with Michael Steinhart. Sponsored by Kaseya

Jul 24, 2 p.m. ET
Cut Costs, Simplify Management, Improve Security with Virtualized Desktops with Joe Maglitta. Sponsored by Microsoft & Unisys

Jul 24, 2 p.m. ET
What's New with GoToMeeting Corporate with Michael Krieger. Sponsored by Citrix & GoToMeeting

Jul 31, 2 p.m. ET
Gaining Visibility into Wide Area Data Services with Michael Krieger. Sponsored by Mazu Networks & Riverbed

Aug 6, 2 p.m. ET
5 Important Steps to Successful Performance Management and BI with Joel Shore. Sponsored by IBM

More Upcoming Events!


		HP Webcast: Cut Your Print Costs Get Total Visibility into Projects w/ Mariner Win a Seagate® Barracuda® 1-TB HDD! Debix Identity Protection. Proven to work. Brocade DCX: the smart way to evolve your data center. 64 pages on security, compliance, & IT operations Your Linux is more than ready.™ novell.com/linux Free trial of Safari Books Online & $100 Gift Card Get Tech OnTap technical enewsletter from NetApp. 3M saved $3M on printing. Learn how HP can help your business Download the “Best Antivirus Product of 2007” Improve the customer experience with Dialogue Win a Seagate® Barracuda® 1-TB HDD! VoIP issues? Visit the experts at Global Crossing. Introducing BlackBerry® Professional Software from AT&T. New Mobility Solution from BlackBerry®. Learn More. Your small business. Our big solution. The Satellite A200.

FEATURED CONTENT

Virtual Tradeshow: Information Security Priorities for SMEs

Register Now!

eSeminar: How IE7 And The New Extended Validation SSL Certificates Impact Your Site

Register Now!

Baseline:	Issue Index \| Contact Us \| About \| Media Kit \| Magazine Customer Service \| Navigation Guide
Quick Links:	Project Planners \| ROI Calculators \| Enterprise Resource Planning \| Network and Online Security \| Data Analysis \| Process Management \| Storage Devices\| Link to Us

	Ziff Davis Enterprise Home \| Contact Us \| Advertise \| Link to Us \| Reprints \| Magazine Subscriptions \| Newsletters Tech RSS Feeds \| White Papers \| ROI Calculators \| Tech Podcasts \| Tech Video \| VARs \| System Builder
	Baseline \| Careers \| Channel Insider \| CIO Insight \| DesktopLinux \| DeviceForge \| DevSource \| eSeminars \| eWEEK \| Enterprise Network Security \| LinuxDevices \| Linux Watch \| Microsoft Watch \| Mid-market \| Networking \| PDF Zone \| Publish \| Security IT Hub \| Strategic Partner \| Web Buyer's Guide \| Windows for Devices
	Developer Shed \| Dev Shed \| ASP Free \| Dev Articles \| Dev Hardware \| SEO Chat \| Tutorialized \| Scripts \| Code Walkers \| Web Hosters \| Dev Mechanic \| Dev Archives \| igrep Use of this site is governed by our Terms of Use and Privacy Policy
	Copyright ©1996-2008 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.