To: tacticalogic; SunTzuWu
>
If they already own your DC you're screwed anyway. I think the point is that no vulnerability should be "excused away". Flaws -- regardless of where and what they are -- should get identified, analyzed, and fixed.
I'm sure you're not actually saying that there's no value to fixing the vuln, right?
18 posted on
12/15/2015 5:07:40 PM PST by
dayglored
("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")
To: dayglored
I think the point is that no vulnerability should be "excused away". Flaws -- regardless of where and what they are -- should get identified, analyzed, and fixed. >
What would you say to someone who breathlessly announced they had found a fundamental flaw in the Linux OS that gave you complete control of the machine, but only if you're logged in as Root?
21 posted on
12/15/2015 5:25:02 PM PST by
tacticalogic
("Oh bother!" said Pooh, as he chambered his last round.)
To: dayglored
I'm sure you're not actually saying that there's no value to fixing the vuln, right? The "fix" is to install Credential Guard.
Windows stores passwords for service accounts and interactive logins in memory. Programs like MimiKatz running under local admin authority can read them. The "vulnerability" this researcher claims to have found has been known about and discussed by Microsoft and various people in the security community for quite some time.
25 posted on
12/15/2015 7:40:28 PM PST by
tacticalogic
("Oh bother!" said Pooh, as he chambered his last round.)
To: dayglored
26 posted on
12/15/2015 7:42:24 PM PST by
SunTzuWu
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson