HTTP: Microsoft Windows File Handling Component Remote Code Execution (CVE-2014-0315)
I have seen a lot of these begin to fire. In the packet capture, I can see that it is being caused by clients requesting a desktop.ini be created on a share (presumably this is normal behavior for saving folder layout options). Looking at the security advisory for this threat, I don't see anything about Desktop.ini being an issue. Perhaps this is an issue with the signature? Anyone else seeing this?