No Exploit has ever gained access as the service account, the two you listed both gained access via the IIS anonymous user account, and account with limited rights on the server.
The process that listens on the network Is svchost, which does run as the local system, however it can be changed, it doesn't have to run as that account. > -----Original Message----- > From: Jochem van Dieten [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 07, 2007 4:00 PM > To: CF-Community > Subject: Re: Why Linux is more secure than Windows > > ** Private ** wrote: > > What account does Apache start under? > > The account you configure it to start under. > > > >> The most > >> obvious privilege is the privilege to start processes under a > >> different user account. > > > > The IIS worker process starts under it's own identity - Network > > Service. > > Run "netstat -ano" on your Windows system with IIS and find the PID of > the process that owns port 80. Then go to taskmgr: which account does > that process run under? If there is a bug in that process and that bug > gets exploited, what account will the exploit run under? > > Jochem > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Community/message.cfm/messageid:227287 Subscription: http://www.houseoffusion.com/groups/CF-Community/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.5
