A Security Problem Caused by xp_cmdshell in SQL Server.

Today, one of my colleagues demonstrated how to use the extended stored procedure xp_cmdshell to activate the windows Guest account and clear the password of that account, and then add the Guest account into the windows Administrators group. After all these had been done, the server is totally exposed to the outside without any protections. Any person in the same intranet can easily get logged into the server, and do any windows operations with the privileges of windows Administrator. Is that sounds terrible? Of course, it is. And in deed, it will really happens. However, the key point is the invader must logged onto the SQL Server using the 'sa' account, or using other sysadmin fixed server roles. So do not use simple password, especially empty password for the dbo account. The more complex password you set, the higher security you will get.

By default, only members of the sysadmin fixed server role can execute this extended stored procedure, xp_cmdshell. You can also grant execute permission of it to other users. With the execution permission of xp_cmdshell, the user can execute any operating-system command at Microsoft Windows NT command shell that the account running Microsoft SQL Server has the needed privileges to execute. So if the user account is belonged to the sysadmin fixed server role, he will be granted with the privileges of windows Administrator, and be able to do any operations on the server, just like in his own personal computer:)