What about web machines behind say, TMG? From: [email protected] [mailto:[email protected]] On Behalf Of Andrew S. Baker Sent: Wednesday, November 12, 2014 5:57 PM To: ntsysadm Subject: Re: [NTSysADM] MS14-066 - secure channel vulnerability
There's nothing in the wild *as yet*, but given the wormable potential, I would expect exploit code within 4-6 business days. Patch perimeter exposed systems as soon as you can, and work from there. Be advised that if a client system gets hit, it will be able to hit all the systems that it has access to within your network. Regards, ASB http://XeeMe.com/AndrewBaker<http://xeeme.com/AndrewBaker> Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market... On Wed, Nov 12, 2014 at 3:06 PM, geoff taylor <[email protected]<mailto:[email protected]>> wrote: Looking for opinions on how urgent this is, and your plan of attack. No shortage of people crying Wolf. As usual SANs is balanced and sane recognizing the possible severe implications and yet acknowledging that a well thought out patching approach (expedited perhaps) is the best defense. http://preview.tinyurl.com/phz3my4 gt
