Q

What are elevated privileges and why do they make my systems vulnerable?

Concerning your response to How can I stop administrators from taking their computers out of the domain?, can you please clarify and give examples of what you mean by "think of the elevation of privilege attacks that might provide them with elevated privileges on other machines (including servers and domain controllers)"?
If an attacker is able to gain access to LSA secrets (possibly by using lsadump2), then they might discover the user name and password for a service account. Accounts that are used to run services may have privileges beyond that held by the user of the compromised account and maybe domain-level accounts. Armed with the information, the attacker can log on and now have those privileges. If the account is a domain account, his privileges extend to many computers in the domain, not just the one he was able to compromise.
This was first published in February 2003

Dig deeper on User passwords and network permissions

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchVirtualDesktop

SearchWindowsServer

SearchExchange

Close