cancel
Showing results for 
Search instead for 
Did you mean: 
gene33
Level 9
Report Inappropriate Content
Message 1 of 2

HTTP: Microsoft Windows File Handling Component Remote Code Execution (CVE-2014-0315)

I have seen a lot of these begin to fire.  In the packet capture, I can see that it is being caused by clients requesting a desktop.ini be created on a share (presumably this is normal behavior for saving folder layout options).  Looking at the security advisory for this threat, I don't see anything about Desktop.ini being an issue.  Perhaps this is an issue with the signature?  Anyone else seeing this?

1 Reply
Highlighted

Re: HTTP: Microsoft Windows File Handling Component Remote Code Execution (CVE-2014-0315)

Hi Gene,

I see exaclty the same behavior in my environment. Unfortionatly the signature string hits exactly for the file name "desktop.ini". Did you open a case with support yet?

Best Regards,

Cedric

McAfee ePO Support Center Plug-in
Check out the new McAfee ePO Support Center. Simply access the ePO Software Manager and follow the instructions in the Product Guide for the most commonly used utilities, top known issues announcements, search the knowledgebase for product documentation, and server status and statistics – all from within ePO.