#microsoft

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain Cluster Administrator privileges.

**Why is this AutoDesk CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in AutoDesk software which is consumed by the Microsoft products listed in the Security Updates table. It is being documented in the Security Update Guide to announce that the latest builds of these products are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

**How could an attacker exploit this vulnerability?** In a network-based attack, an attacker could trigger malicious code in the context of the server's account through a network call.

**According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?** An attacker who successfully exploits this vulnerability could perform a remote attack that could enable access to the victim's information and the ability to alter information. Successful exploitation could also potentially cause downtime for the targeted environment.

**How could an attacker exploit this vulnerability?** In a network-based attack, an attacker could trigger malicious code in the context of the server's account through a network call.

**According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H) and availability (A:H). What does that mean for this vulnerability?** An attacker who successfully exploited this vulnerability could access a user's Net-NTLMv2 hash which could be used as a basis of an NTLM Relay attack against another service to authenticate as the user.

**Is the Preview Pane an attack vector for this vulnerability?** No, the Preview Pane is not an attack vector.

**Is the Preview Pane an attack vector for this vulnerability?** No, the Preview Pane is not an attack vector.

**Is the Attachment Preview Pane an attack vector for this vulnerability?** Yes. The attachment Preview Pane that is accessed when a user clicks to preview an attached file is an attack vector; however, the email Preview Pane itself is not.

The following workaround may be helpful in your situation. In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as they become available even if you plan to leave this workaround in place: **Disable router discovery on IPv6 interface.** You can disable router discovery on the IPv6 interface to prevent attackers from exploiting the vulnerability, with the following PowerShell command: * Set-NetIPInterface -InterfaceIndex \[interface\_index\] -RouterDiscovery Disabled You can disable router discovery on the IPv6 interface to prevent attackers from exploiting the vulnerability, with the following Network Shell (netsh) command: * netsh interface ipv6 set interface \[interface\_name\] routerdiscovery=disabled Please refer to the workaround section of this security bulletin for more information: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-006 **Note:** No reboot is needed after making the change...