El Reg reports
Penetration tester Marcus Murray says attackers can use malicious JPEGs to pop modern Windows servers, to gain expanded privileges over networks.
In a live hack set down for RSA San Francisco this week, the TrueSec boffin shows how he used the hack to access an unnamed US Government agency that ran a buggy photo upload portal.
A key part of the stunt is achieved by inserting active content into the attributes of a jpg image, such that the file name read image.jpg.aspx. "I'm going to try to compromise the web server, then go for back end resources, and ultimately compromise a domain controller," Murray said, adding the hack is not that difficult.
This is by no means a new attack vector.
Why are we still dealing with this over ten years later?
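As an added example (not code from the article or from TrueSec), one server-side mitigation for the trick described above: an upload handler that rejects double extensions such as image.jpg.aspx, checks the magic bytes against the declared type, strips the JPEG metadata segments where embedded script would sit, and stores the file under a server-chosen name. The allow-list and the sample bytes are constructed for illustration.

```python
import os
import struct

# Constructed allow-list: extension -> leading magic bytes (not from the article).
ALLOWED = {"jpg": b"\xff\xd8\xff", "jpeg": b"\xff\xd8\xff",
           "png": b"\x89PNG\r\n\x1a\n", "gif": b"GIF8"}

def check_filename(filename):
    """Return the extension if the name is acceptable, else None.
    Rejects path components, double extensions ('image.jpg.aspx') and non-image types."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1].lower()
    parts = base.split(".")
    if len(parts) != 2 or not parts[0]:   # exactly one extension, non-empty stem
        return None
    return parts[1] if parts[1] in ALLOWED else None

def strip_jpeg_metadata(data):
    """Return a copy of a JPEG without COM and APP1..APP15 segments (EXIF, XMP, comments).
    Frame, table and scan segments are copied unchanged; malformed input raises ValueError
    so the caller rejects the upload."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    out, pos = bytearray(b"\xff\xd8"), 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("expected marker")
        marker = data[pos + 1]
        if marker == 0xDA:                  # SOS: entropy-coded data follows, copy the rest
            out += data[pos:]
            return bytes(out)
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("bad segment length")
        if not (0xE1 <= marker <= 0xEF or marker == 0xFE):   # drop APP1-APP15 and COM
            out += data[pos:pos + 2 + length]
        pos += 2 + length
    raise ValueError("no scan data")

def validate_upload(filename, data):
    """Return (server_chosen_name, cleaned_bytes) or raise ValueError.
    Store the result outside any directory the web server maps to a script handler."""
    ext = check_filename(filename)
    if ext is None or not data.startswith(ALLOWED[ext]):
        raise ValueError("rejected: bad name or extension/magic mismatch")
    if ext in ("jpg", "jpeg"):
        data = strip_jpeg_metadata(data)
    return os.urandom(8).hex() + "." + ext, data   # client name never reaches the filesystem

# Constructed minimal JPEG: SOI, APP0, a COM segment carrying script text, DQT, SOS, EOI.
SAMPLE = (b"\xff\xd8" + b"\xff\xe0\x00\x06JFIF" + b"\xff\xfe\x00\x0c<% evil %>"
          + b"\xff\xdb\x00\x04\x00\x01" + b"\xff\xda\x00\x04\x01\x00\x12\x34\xff\xd9")
```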
(Score: 2, Insightful) by gishzida on Tuesday April 21 2015, @08:02PM
Let's see...
What kind of idiot takes a server that sits in a DMZ and attaches it to a domain controller? A MS Admin because they are not trained that "Internet facing" servers are a danger to their local network and should be isolated... and besides Management won't sit still for adding additional security costs. Better yet just outsource the whole thing, authentication and all...
What kind of security admin allows that? One that is so busy attending to other things (certification classes, hacker conventions, and soothing poor overworked management) that they never actually do any kind of security work. Oh wait, it's too expensive to have a dedicated security admin... Outsource that position...
What kind of IT management or company management allows it? The one that can ignore the danger, work to keep costs down to increase the chance of a higher salary, and then blame and fire the lowly admins when the systems are overrun by "black hats" [which might be everything from a script kiddy to their own government].
It was once said [circa 1995/6] that NT 3.51 workstation or server was secure so long as you didn't plug it into a network switch.... Windows [and management] has not changed all that much.