date 2023-05-09

Vermillion said: Bingo. You'd need an exploit to get to leverage this exploit. So it's really not that big a deal as long as it gets patched. However, that's the issue: so many admins are inept and don't ever bother patching shit.

I don't know about inept... I can say personally that as a single admin I have to watch over 2000 devices, and because of budgets I don't get help, so if something gets missed or I forget it or fails and I tell myself "I'll totally look at that on Tuesday and figure out why the update failed," then Tuesday rolls around and Accounting has a problem because and I forget about it, then it probably doesn't get looked at until it becomes an imminent problem again. The whole out of sight, out of mind thing, and it is really easy to forget about the 12th VM you are running on that one server in that one stack in the back.

The reality is you have to assume they are already in and you are already vulnerable and limit their ability to get anything out because, for every escalation exploit that gets reported, there are probably 2 more in the wild nobody thought to look for.

I'm in the process of a full review right now and the first thing we are doing is implementing strict inter-switch segregation, so even across the same VLAN 10.20.30.41 might only be able to talk to 10.20.30.42 on port 2080 and only if it is using a valid application signature for and stuff like that.

Pain in the ass, but bad things are happening too fast and cleanup is too expensive.
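
The same-VLAN allowlist described in the post above can be checked against flow logs, as in this added example, which is not part of the original post. The /24 subnet, the TCP protocol, the record format and the sample flows are assumptions constructed for illustration; the application-signature condition is not modelled.

```python
import ipaddress
from typing import NamedTuple

class Flow(NamedTuple):
    src: str      # initiator of the connection
    dst: str
    proto: str
    dport: int

# Default-deny allowlist. The one rule is the pair and port named in the post;
# TCP is an assumption. Rules are directional: only .41 may initiate to .42.
ALLOW = {Flow("10.20.30.41", "10.20.30.42", "tcp", 2080)}
SEGMENT = ipaddress.ip_network("10.20.30.0/24")  # assumed subnet of the VLAN

# Constructed connection-initiation records: "src dst proto dport"
SAMPLE_FLOWS = """\
10.20.30.41 10.20.30.42 tcp 2080
10.20.30.41 10.20.30.42 tcp 445
10.20.30.42 10.20.30.41 tcp 2080
10.20.30.57 10.20.30.42 tcp 2080
10.20.30.41 192.0.2.10 tcp 443
10.20.30.41 not-an-ip tcp 2080
"""

def parse_flow(line):
    src, dst, proto, dport = line.split()
    # ip_address() raises ValueError on anything that is not a valid address
    src = str(ipaddress.ip_address(src))
    dst = str(ipaddress.ip_address(dst))
    return Flow(src, dst, proto.lower(), int(dport))

def audit(flow_text, allow=ALLOW, segment=SEGMENT):
    """Return (violations, malformed): east-west flows inside `segment`
    that no rule permits, and lines that could not be parsed."""
    violations, malformed = [], []
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        try:
            flow = parse_flow(line)
        except ValueError:
            malformed.append(line)   # keep for review rather than dropping silently
            continue
        east_west = (ipaddress.ip_address(flow.src) in segment
                     and ipaddress.ip_address(flow.dst) in segment)
        if east_west and flow not in allow:
            violations.append(flow)
    return violations, malformed
```

Any record in `violations` is either a gap in switch enforcement or a host attempting lateral movement, so both lists are worth alerting on.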