Seven Deadliest Microsoft Attacks


  • Rob Kraus, CISSP, C|EH, MCSE; Senior Security Consultant for Solutionary, Inc.
  • Brian Barber, (Linux+, MCSE, MCSA, MCP+I, MCNE, CNE, CNA-GW)
  • Mike Borkin, MCSE, GSEC Gold
  • Naomi Alpern, Consultant, Unified Communications, Microsoft, USA, Citrix Certified Enterprise Administrator, Security+, Network+, A+, MCSE, MCT

Seven Deadliest Microsoft Attacks explores some of the deadliest attacks made against Microsoft software and networks and how these attacks can impact the confidentiality, integrity, and availability of the most closely guarded company secrets. The book consists of seven chapters that cover the following topics: (i) attacks against Windows passwords; (ii) escalation attacks; (iii) stored procedure attacks; (iv) mail service attacks; (v) client-side ActiveX and macro attacks; (vi) Web service attacks; and (vii) multi-tier attacks. Each chapter provides an overview of a single Microsoft software product, how it is used, and some of the core functionality behind the software. Additionally, each chapter explores the anatomy of attacks against the software; the dangers of an attack; and possible defenses to help prevent the attacks described in the scenarios. This book will be a valuable resource for those responsible for oversight of network security for either small or large organizations. It will also benefit those interested in learning the details behind attacks against Microsoft infrastructure, products, and services; and how to defend against them. Network administrators and integrators will find value in learning how attacks can be executed, and transfer knowledge gained from this book into improving existing deployment and integration practices.


Information security professionals of all levels; Microsoft administrators; recreational hackers


Book information

  • Published: March 2010
  • Imprint: SYNGRESS
  • ISBN: 978-1-59749-551-6


"Seven Deadliest Microsoft Attacks brings to light easily exploitable yet commonly overlooked vulnerabilities of Microsoft systems. The real-world examples used help reinforce the magnitude of these attacks, all while depicting the simplicity of the attack itself. The authors end on a good note with steps to avoid becoming a victim and insight on industry trends."--Aaron Beauregard, IT Systems and Security Manager, Mueller Services, Inc.

"The text is peppered with warnings, notes, recommendations and so-called 'Epic Fail' text boxes that illustrate some of the typical mistakes made when working with that particular software...The book and the chapters are short, but long enough to give a good overview of today's most common attacks targeting some of the most popular Microsoft products."--Zeljka Zorz, Help Net Security


Table of Contents


About the Authors


Chapter 1 Windows Operating System - Password Attacks

    Windows Passwords Overview

         Security Accounts Manager

         System Key (SYSKEY)

         LAN Manager Hash

         NT Hash

         LSA Secrets

         Password and Lockout Policies

    How Windows Password Attacks Work

    Dangers with Windows Password Attacks

         Scenario 1: Obtaining Password Hashes

         Scenario 2: Pass the Hash

         Scenario 3: Timed Attacks to Circumvent Lockouts

         Scenario 4: LSA Secrets

    Future of Windows Password Attacks

    Defenses against Windows Password Attacks

         Defense-in-Depth Approach

         Microsoft and Third-Party Software Patching

         Logical Access Controls

         Logging Security Events

         Implementing Password and Lockout Policies

         Disable LM Hash Storage for Domain and Local Systems

         SYSKEY Considerations


Chapter 2 Active Directory - Escalation of Privilege

    Escalation of Privileges Attack Anatomy

    Dangers with Privilege Escalation Attacks

         Scenario 1: Escalation through Batch Scripts

         Scenario 2: Attacking Customer Confidence

         Scenario 3: Horizontal Escalation

    Future of Privilege Escalation Attacks

    Defenses against Escalation of Privilege Attacks

         First Defensive Layer: Stop the Enemy at the Gate

         Second Defensive Layer: Privileges Must Be Earned

         Third Defensive Layer: Set the Rules for the Playground

         Fourth Defensive Layer: You’ll Need That Secret Decoder Ring



Chapter 3 SQL Server - Stored Procedure Attacks

    How Stored Procedure Attacks Work

         Initiating Access

         Accessing Stored Procedures

    Dangers Associated with a Stored Procedure Attack

         Understanding Stored Procedure Vulnerabilities

         Scenario 1: Adding a Local Administrator

         Scenario 2: Keeping Sysadmin-Level Access

         Scenario 3: Attacking with SQL Injection

    The Future of Stored Procedure Attacks

    Defenses against Stored Procedure Attacks

         First Defensive Layer: Eliminating First-Layer Attacks

         Second Defensive Layer: Reduce the First-Layer Attack Surface

         Third Defensive Layer: Reducing Second-Layer Attacks

         Fourth Defensive Layer: Logging, Monitoring, and Alerting

         Identifying Vital Attack Events

         Fifth Defensive Layer: Limiting the Impacts of Attacks



Chapter 4 Exchange Server - Mail Service Attacks

    How Mail Service Attacks Work

         Mail Flow Architecture

         Attack Points

    Dangers Associated with Mail Service Attacks

         Scenario 1: Directory Harvest Attacks

         Scenario 2: SMTP Auth Attacks

         Scenario 3: Mail Relay Attacks

    The Future of Mail Service Attacks

    Defenses against Mail Service Attacks

         Defense in the Perimeter Network

         Defense on the Internal Network

         Supporting Services


Chapter 5 Office - Macros and ActiveX

    Macro and Client-Side Attack Anatomy

         Macro Attacks

         ActiveX Attacks

    Dangers Associated with Macros and ActiveX

         Scenario 1: Metasploit Reverse TCP Connection

         Scenario 2: ActiveX Attack via Malicious Website

    Future of Macro and ActiveX Attacks

    Macro and ActiveX Defenses

         Deploy Network Edge Strategies

         Using Antivirus and Antimalware

         Update Frequently

         Using Office Security Settings

         Working Smart



Chapter 6 Internet Information Services - Web Service Attacks

    Microsoft IIS Overview

         File Transfer Protocol Publishing Service

         WebDAV Extension


    How IIS Attacks Work

    Dangers with IIS Attacks

         Scenario 1: Dangerous HTTP Methods

         Scenario 2: FTP Anonymous Access

         Scenario 3: Directory Browsing

    Future of IIS Attacks

    Defenses Against IIS Attacks

         Disable Unused Services

         Default Configurations

         Account Security

         Patch Management


         Segregate IIS

         Penetration Testing


         IIS Lockdown


Chapter 7 SharePoint - Multi-tier Attacks

    How Multi-tier Attacks Work

    Multi-tier Attack Anatomy

    Dangers with Multi-tier Attacks

         Scenario 1: Leveraging Operating System Vulnerabilities

         Scenario 2: Indirect Attacks

    How Multi-tier Attacks Will Be Used in the Future

    Defenses against Multi-tier Attacks

         First Defensive Layer: Failure to Plan = Plan to Fail

         Second Defensive Layer: Leave No Hole Unpatched

         Third Defensive Layer: Form the Protective Circle