On Monday 22 December 2008, ArcSighter Elite wrote: > I came this morning with something. The MS08-67 patch when challenge > keys couldn't be replayed, affects also the other variants of the > attack, such as http 401 + WWW-Authenticate: NTLM, and the IMAP, POP > and SMTP versions?
Supposedly it affects any component that initializes the security negotiation the "right" way, but only during a direct reflection attack. You can still relay to a third-party host regardless of protocol. -HD
_______________________________________________ Framework-Hackers mailing list Framework-Hackers@spool.metasploit.com http://spool.metasploit.com/mailman/listinfo/framework-hackers