MS15-034 Exploit Information from Offensive Security. http://www.r00tsec.com/2015/04/resource-for-ms15-034-httpsys-exploit.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+r00tsecblog+%28Computer+Security+Blog%29
Ed On Wed, Apr 15, 2015 at 12:34 PM, Ed Ziots <[email protected]> wrote: > Hate.to hijack a thread but wanted you to know that ms15-034 has exploit > code out.for it and could be exploited in the wild soo. > > Ed > On Apr 15, 2015 10:58 AM, "Michael Leone" <[email protected]> wrote: > >> I am about to demote another Win2008 R2 DC, so I ran "dfsdiag /testdcs" >> first. And on this server, it starts to validate the site associations of >> this server. And it says: >> >> The server has IP address with conflicting site associations. >> >> Host IP address Subnet-SiteMapping in AD >> ::1 No mapping exists >> >> >> Now, isn't ::1 the IPv6 equivalent of 127.0.0.1? I'm not using IPv6, and >> in fact it is unchecked in the network connection properties. And I don't >> see this error when I do that command on the 2 other servers (which also >> don't have IPv6). >> >> I'm guessing that it thinks I need a subnet in Sites and Services, but I >> don't know why (or where) it's finding that ::1 at all ... Nor why the 2 >> other servers in this same site are *not* showing this error, even when >> querying the problematical server. There's just the 1 NIC, and I am not >> using a VPN (which might be assigning an IP). >> >> Web searches have been less than fruitful ... Event log of this server >> shows nothing about DFS warnings or errors. >> >> I don't want to create an IPv6 subnet, as I don't plan on using IPv6. Is >> it safe to just ignore this? (most especially since I am about to demote >> it, and since there are no other DFS namespaces besides Domain System >> Volume, and the 2 other servers don't show the error) >> >> ADDENDUM: now DFSDIAG /testreferral is telling me there are stale entries >> and to restart the service on all DCs. Yet that same command does *not* >> show stale entries on the other DCs in the domain ... >> >> <SIGH> >> >> Oh, well. It's still just the test domain, I will restart all 3 DCs, and >> do something else for a few minutes while they come back up and hopefully >> sync ... >> >> >> >>
