

Triggering MS14-066 - PaulSec
http://blog.beyondtrust.com/triggering-ms14-066

======
ecairns
OK, so I admittedly don't have the time to fully analyze this, but it looks
like the bug is in the code that processes client certificates. The default
setting in IIS is to ignore client certificates so does that mean that by
default you can't trigger this exploit against an out of the box IIS setup?

