[Dailydave] SSLMAGEDON BEGINS! ;>

Dave Aitel dave at immunityinc.com
Thu Nov 13 20:26:30 EST 2014


We need to have a competition for silliest name. But regardless, one of
the members of the team put this completely harmless screenshot together
that demonstrates a pre-auth attack against Windows 7 RDP using the
SChannel bug. Tomorrow we're putting this in CEU and starting the path
of investigating full RCE potential.

Thanks to whoever found such a great bug! This is the first default bug
in modern IIS and RDP in a long time (over a decade?).

Everyone running a Windows server on the Internet is going to wish they
had El Jefe installed on it. :>
-dave


-------------- next part --------------
A non-text attachment was scrubbed...
Name: schannel_sanitized.png
Type: image/png
Size: 74508 bytes
Desc: not available
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20141113/c5a528e3/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20141113/c5a528e3/attachment-0001.sig>


More information about the Dailydave mailing list