
Microsoft Warns of a 17-Year-Old ‘Wormable’ Bug - MindGods
https://www.wired.com/story/sigred-windows-dns-flas-wormable/
======
Pick-A-Hill2019
Out of all of the Microsoft DNS bug submissions I've seen so far today this
summary from Wired provides the best take on it.

What fascinated me was >The firm says that despite the 17 years that SigRed
has lingered in Windows DNS, it has yet to find any indication of an attack on
its clients' networks so far.

Wow, that's a _long_ time for it to be open and undiscovered (or perhaps more
accurately not known to have been actively exploited). When I see things like
this (and other bugs) I wonder how often things that 'couldn't happen unless
user visited $bad url' turn out to be a false accusation. Sure - HIGHLY
unlikely but, if you ever find yourself in a position of determining
somebody's guilt, consider this bug and whether you would have (in 2003) have
said it was even a possibility.

