"Marc Maiffret" <mmaiffret (at) eeye (dot) com [email concealed]> writes:

> This attack can be performed through various encryption systems such as
> Kerberos and almost anything using CERTs... I am not sure about
> Microsofts wording in their advisory.

I think they use the ominous phrase "many possible vectors"; if
anything kicks off, containing it may not be anything like as easy as
blocking 135/tcp. How easy does it look to exploit it?

Regardless, this one is going to get patched ASAP here.

--
James Riden / j.riden (at) massey.ac (dot) nz [email concealed] / Systems Security Engineer
GPG public key available at: http://www.massey.ac.nz/~jriden/
This post does not necessarily represent the views of my employer.

[ reply ]