cancel
Showing results for 
Search instead for 
Did you mean: 
gene33
Level 9
Report Inappropriate Content
Message 1 of 2

HTTP: Microsoft Windows File Handling Component Remote Code Execution (CVE-2014-0315)

I have seen a lot of these begin to fire.  In the packet capture, I can see that it is being caused by clients requesting a desktop.ini be created on a share (presumably this is normal behavior for saving folder layout options).  Looking at the security advisory for this threat, I don't see anything about Desktop.ini being an issue.  Perhaps this is an issue with the signature?  Anyone else seeing this?

1 Reply
Highlighted

Re: HTTP: Microsoft Windows File Handling Component Remote Code Execution (CVE-2014-0315)

Hi Gene,

I see exaclty the same behavior in my environment. Unfortionatly the signature string hits exactly for the file name "desktop.ini". Did you open a case with support yet?

Best Regards,

Cedric

MPower Badge Now Available
Customers attending MPower can earn a community badge. Check into the MPower forum and say hi to have the badge awarded to your community profile.