I attended the SANS webinar, and we were told that if your IIS installation requires authentication, it's not vulnerable. By auth, I don't mean SSL/TLS.
That doesn't help those whose infrastructure is public facing without auth (basic web presence, ecommerce, etc.), but for Exchange/Lync/etc., it seems to be a small relief. Another small note of relief, for those who have them, is that PaloAlto's firewalls are supposed to have a signature for this. I'm sure other brands either have it or will soon. Of course, patching is still a good thing. If anyone hears anything different on any of the above, I'm all ears. Kurt
