Unit 42 Uncovers New Attack Surface That Targets Microsoft IIS and SQL Server

cancel
Showing results for 
Search instead for 
Did you mean: 
Community Team Member

unit42-web-banner-650x300.jpg

 

 

 

At Black Hat Asia 2021, Unit 42 shared information about a new attack surface targeting MS IIS and SQL Servers. The presentation  they unveiled at the information security and technology conference introduced a previously undisclosed technique to execute SQL queries on the remote database in IIS and SQL server.

 

Unit 42's blog on the New Attack Surface covers the details of the technique, which allows threat actors to remotely attack IIS and SQL Server to gain SYSTEM privilege by using Microsoft Jet Database Engine vulnerabilities.

 

MS Jet Database Engine supports remote database access—a very practical feature but, when misused, allows attackers to execute SQL queries on the fully controlled database file on the remote attacker’s controlled server. The remote database access gives attackers the capability of replacing a legitimate database with a malformed database. Executing SQL queries on this malformed database could lead to vulnerabilities in many Jet components.

 

Microsoft did release a patch for Vulnerability CVE 2021 28455 to mitigate this attack surface, but the patch is turned off by default.  When activated, the patch provides users the option to disable remote database access in the MS Jet and ACE components. It's highly recommended that users proactively turn on mitigation to disable remote tables access in the registry. Check out Unit 42's full report for details on how to edit your registry. 

 

Palo Alto Networks Next-Generation Firewall customers can help prevent such attacks by blocking WebDAV traffic from trusted to untrusted zone using App-ID and the Threat Prevention security subscription.

 

More information:

 

Feel free to share your questions, comments and ideas in the section below!

 

Thank you for taking time to read this blog.

Don't forget to hit the Like (thumbs up) button and to Subscribe to the LIVEcommunity Blog area.

 

Kiwi out!

Register or Sign-in
Labels
Top Liked Authors