I have been told that @FireEye_Intel is telling their customers that the recent Exchange vulnerability is actually CVE-2018-8581, and that the workaround of deleting a registry key for CVE-2018-8581 will protect you against exploitation.
This is NOT TRUE, and is dangerous advice.
-
-
Replying to @wdormann @FireEye_Intel
why does Microsoft mention that key as well? https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8581 …
1 reply 0 retweets 1 like
Replying to @bin_da @FireEye_Intel
Microsoft mentions that key in https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8581 … because it's talking about CVE-2018-8581, which was published in November. Last week's Exchange 0day, also documented at https://www.kb.cert.org/vuls/id/465632/ is NOT CVE-2018-8581.
0 replies
2 retweets
1 like
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.