On Monday 22 December 2008, ArcSighter Elite wrote:
> I came this morning with something. The MS08-67 patch when challenge
> keys couldn't be replayed, affects also the other variants of the
> attack, such as http 401 + WWW-Authenticate: NTLM, and the IMAP, POP
> and SMTP versions?

Supposedly it affects any component that initializes the security 
negotiation the "right" way, but only during a direct reflection attack. 
You can still relay to a third-party host regardless of protocol.


Framework-Hackers mailing list

Reply via email to