MS08-001 & MS08-002
IPLocks offers a Vulnerability Assessment product. While we, IPLocks, provide OS level assessments, we focus on the database. So the OS and network policies we do provide are those that affect database configuration, security and operations. The types of vulnerabilities listed above, having to do with multi-casting and Windows security, is not something I will typically comment on and not something IPLocks will provide a policy for.
That said, a subversion of the Microsoft Windows Local Security Authority Subsystem Service (lsass.exe), as is the case with MS08-002, I suspect it would be possible to bypass authentication to SQL Server databases that use Windows authentication. That is if you were a hacker and wanted to be subtle about subverting the system without being detected. I am not aware of any specific attacks, but if you can compromise lasass.exe, there a good possibility you can gain access to any account and thus brute force take over the server entirely, or subtlety monitor all inter-process communication. Your pwned at that point. I am not a Windows kernel expert by any stretch, but I suspect that there are also RPC trust relationships based upon LCP API’s and lsass.exe being secure and friendly. I am hypothesizing that one subverted kernel may provide additional attack avenues into another kernel, which is fairly scary.
Regardless, I would recommend patching your Windows servers ASAP.
Recent Comments