Usually TMG is used as a reverse proxy, so it will decrypt packets for 
inspection. That said, there is nothing listed anywhere that says TMG is a 
mitigator for this vulnerability, so I assume it uses the same Schannel as a 
generic OS.

From: [email protected] [mailto:[email protected]] On 
Behalf Of Richard Stovall
Sent: Friday, 14 November 2014 1:35 PM
To: [email protected]
Subject: Re: [NTSysADM] MS14-066 - secure channel vulnerability

Well, TMG is Windows, right?  Personally, out of an abundance of caution, I 
would assume the TMG server itself is also vulnerable until patched.  And even 
when it is patched, the underlying web server would need to be patched as well 
unless TMG inspects encrypted traffic and has a valid signature to block 
attacks.  (Does TMG even do this?  I have never worked with it.)

I'm assuming other (non-Windows) firewalls that do IPS will get definitions 
here pretty quickly, but they will still have to decrypt the inbound traffic to 
do any good.  I suspect there's a lot out there that either can't do SSL/TLS 
decryption or don't have it configured.

Bottom line, I think ASB is on the money here.  Do the public-facing machines 
on an emergency basis and do the rest as soon as you reasonably can.



On Thu, Nov 13, 2014 at 7:20 PM, Heaton, Joseph@Wildlife 
<[email protected]> wrote:
What about web machines behind say, TMG?

From: [email protected] [mailto:[email protected]] 
On Behalf Of Andrew S. Baker
Sent: Wednesday, November 12, 2014 5:57 PM
To: ntsysadm
Subject: Re: [NTSysADM] MS14-066 - secure channel vulnerability

There's nothing in the wild *as yet*, but given the wormable potential, I would 
expect exploit code within 4-6 business days.

Patch perimeter exposed systems as soon as you can, and work from there.

Be advised that if a client system gets hit, it will be able to hit all the 
systems that it has access to within your network.

Regards,

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations & Information Security) for the 
SMB market…




On Wed, Nov 12, 2014 at 3:06 PM, geoff taylor 
<[email protected]> wrote:
Looking for opinions on how urgent this is, and your plan of attack.
No shortage of people crying wolf.  As usual, SANS is balanced and sane, 
recognizing the possible severe implications and yet acknowledging that a 
well-thought-out patching approach (expedited perhaps) is the best defense.

http://preview.tinyurl.com/phz3my4

gt

