

15-year-old bug allows malicious code execution in all versions of Windows - canvia
http://arstechnica.com/security/2015/02/15-year-old-bug-allows-malicious-code-execution-in-all-versions-of-windows/

======
blucoat
I have no experience using Active Directory. Is this common practice? I would
personally not even classify this as a bug; it seems like common sense that
running code downloaded from an unauthenticated connection is bad. How is this
different from saying there are critical security bugs in http/ftp, since the
same type of attack is possible (but well known)?

