This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Unit 42 Uncovers New Attack Surface That Targets Microsoft IIS and SQL Server

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Unit 42 Uncovers New Attack Surface That Targets Microsoft IIS and SQL Server

kiwi
Community Team Member
‎08-03-2021 11:24 AM

unit42-web-banner-650x300.jpg

 

 

 

At Black Hat Asia 2021, Unit 42 shared information about a new attack surface targeting MS IIS and SQL Servers. The presentation  they unveiled at the information security and technology conference introduced a previously undisclosed technique to execute SQL queries on the remote database in IIS and SQL server.

 

Unit 42's blog on the New Attack Surface covers the details of the technique, which allows threat actors to remotely attack IIS and SQL Server to gain SYSTEM privilege by using Microsoft Jet Database Engine vulnerabilities.

 

MS Jet Database Engine supports remote database access—a very practical feature but, when misused, allows attackers to execute SQL queries on the fully controlled database file on the remote attacker’s controlled server. The remote database access gives attackers the capability of replacing a legitimate database with a malformed database. Executing SQL queries on this malformed database could lead to vulnerabilities in many Jet components.

 

Microsoft did release a patch for Vulnerability CVE 2021 28455 to mitigate this attack surface, but the patch is turned off by default.  When activated, the patch provides users the option to disable remote database access in the MS Jet and ACE components. It's highly recommended that users proactively turn on mitigation to disable remote tables access in the registry. Check out Unit 42's full report for details on how to edit your registry. 

 

Palo Alto Networks Next-Generation Firewall customers can help prevent such attacks by blocking WebDAV traffic from trusted to untrusted zone using App-ID and the Threat Prevention security subscription.

 

More information:

 

Feel free to share your questions, comments and ideas in the section below!

 

Thank you for taking time to read this blog.

Don't forget to hit the Like (thumbs up) button and to Subscribe to the LIVEcommunity Blog area.

 

Kiwi out!

0 Likes Likes
  • 2666 Views
  • 0 comments
  • 0 Likes
Register or Sign-in
Labels
Popular Blogs
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks