I just read this and wanted to raise some awareness: http://www.theregister.co.uk/2016/08/02/smb_attack_is_back/ Once again the guys at MS show their genius. This exploit has existed since 1997!
ah.. ah well you can always set that group policy to fix this problem. Open group policy editor. Go to Windows Settings -> Security Settings -> Local Policies -> Security Options and set "Network security: Restrict NTLM: Outgoing NTLM Traffic to remote servers" to "deny all"
I don't know about that one, but if you look at the linked PDF ( https://www.blackhat.com/docs/us-15...d-SMBv2-Sharing-More-Than-Just-Your-Files.pdf ), slides 25 to 30, at least the user auth setting is set in the registry, later queried, but then simply ignored. The safest bet really might just be to simply block the ports. //EDIT: Looking at this: https://medium.com/@ValdikSS/deanon...soft-and-vpn-accounts-f7e53fe73834#.t0di2jo8e Those NTLM Restriction Settings in the registry should work too though.
Yes, unfortunately I cant set them on my work pc because of shitty SVN configuration. But I'll fix that sometime I guess.
I am pretty sure that this bug will not affect anyone here. Who uses Outlook/Edge for personal email/browsing?
I'd like to use Outlook as Thunderbird is a bit fucky at times. Edge, though. As soon as my favourite extensions from Chrome gets either ported or an alternative is made, I'm willing to drop Chrome for good. Shit's nice.
