A security researcher plans to use the Black Hat conference spotlight to expose new design mistakes and security issues that can be exploited to elevate privileges on all Windows versions including the brand new Windows 2008 R2 and Windows 7. The researcher also plans to release two exploits (called Chimichurri and Churraskito) for IIS and SQL Server. Cerrudo, founder and CEO of Argeniss, a security consultancy firm based in Argentina, first reported the token kidnapping hiccup to Microsoft in 2008.
Source: https://threatpost.com/ms-windows-token-kidnapping-problems-resurface-071610/74221/

