Potential Critical Security issue in Windows Server 2003/2008 - IIS may be a vector for compromise

Potential Critical Security issue in Windows Server 2003/2008 - IIS may be a vector for compromisehttp://www.adopenstatic.com/cs/blogs/ken/archive/2008/04/17/17399.aspxAs some of you may be aware, Cesar Cerrudo of Argeniss presented a session at the just completed Hack in a Box conference where exploit code was demonstrated that allows certain code running with restricted privileges (e.g. Network Service) to gain highenCommunityServer 2.1 (Build: 60809.935)Potential Security Vulnerability for NetworkService / potential new IIS exploithttp://www.adopenstatic.com/cs/blogs/ken/archive/2008/04/17/17399.aspx#17400Fri, 18 Apr 2008 08:25:45 GMTe0e31441-78b9-4457-b9b0-6f7906e03e71:17400jorkeo - hosting geek<p>Important heads up with regards to a potential privilege escalation issue when running under NetworkService</p>