Re: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP

[Florian Weimer <fw@xxxxxxxxxxxxx>]

3APA3A wrote:

> ASN.1  is  used  by  many  services,  but  all  use different underlying
> protocols.  It's  not  likely  NetMeeting or MS ISA server to be primary
> attack  targets.  Attack  against  MS  IPSec  implementation,  Exchange,
> SMB/CIFS, RPC services, IIS and specially IE will no have impact to VoIP
> infrastructure  (except  connectivity  degradation  because  of  massive
> traffic).

I wish your assessment were true, but it's not.  Cisco Call Manager is
based on Windows, and Cisco still has to certify the patches Microsoft
released.

It's sad that Microsoft apparently hasn't used those six months to
properly coordinate the issue with OEM vendors.