1 Reply Latest reply on May 15, 2014 7:50 AM by cedricr

    HTTP: Microsoft Windows File Handling Component Remote Code Execution (CVE-2014-0315)

    gene33

      I have seen a lot of these begin to fire.  In the packet capture, I can see that it is being caused by clients requesting a desktop.ini be created on a share (presumably this is normal behavior for saving folder layout options).  Looking at the security advisory for this threat, I don't see anything about Desktop.ini being an issue.  Perhaps this is an issue with the signature?  Anyone else seeing this?