Details On An Important Microsoft IIS Vulnerability


Added on: 04.15.15, by Jeff Wilhelm

A remote code execution vulnerability exists in the Windows HTTP stack, caused when HTTP.sys parses specially crafted HTTP requests. An attacker who successfully exploits this vulnerability could execute arbitrary code in the SYSTEM context. Details of the bug are being withheld, but exploit code is circulating. Microsoft describes the issue in security bulletin MS15-034. An update (KB3042553) is already available for all supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2. As a workaround, Microsoft suggests disabling IIS kernel caching.

Summary:
https://ma.ttias.be/remote-code-execution-via-http-request-in-iis-on-windows/

Workaround:
Disable kernel caching (https://technet.microsoft.com/en-us/library/cc731903(v=ws.10).aspx)

Patch:
https://support.microsoft.com/en-us/kb/3042553/

MS Security Bulletin:
https://technet.microsoft.com/library/security/MS15-034

CVE:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1635
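
To check a server for the update and the workaround described above, here is an added example script (not part of the original post or of Microsoft's guidance). It assumes an elevated PowerShell session on the IIS host with the WebAdministration module installed; the `-ApplyWorkaround` switch and the output field names are made up for this sketch, and it checks the server level and each site but not individual applications.

```powershell
# Added example: audit an IIS host for the MS15-034 update and the kernel-cache workaround.
[CmdletBinding()]
param(
    [switch]$ApplyWorkaround   # hypothetical switch: disable kernel caching where the update is missing
)

$kb      = 'KB3042553'                 # update named in the post
$section = 'system.webServer/caching'  # IIS output caching section

# A miss here is not proof of exposure: a later update that supersedes
# this one is recorded under its own ID.
$hotfix = Get-HotFix -Id $kb -ErrorAction SilentlyContinue

# Record the HTTP.sys build on disk for comparison with the file list in the KB article.
$v = (Get-Item "$env:SystemRoot\System32\drivers\http.sys").VersionInfo
$httpSysVersion = '{0}.{1}.{2}.{3}' -f $v.FileMajorPart, $v.FileMinorPart, $v.FileBuildPart, $v.FilePrivatePart

Import-Module WebAdministration -ErrorAction Stop

# Check the server-level setting and each site, since a site can override the server default.
$paths = @('MACHINE/WEBROOT/APPHOST') + @(Get-Website | ForEach-Object { "IIS:\Sites\$($_.Name)" })

foreach ($path in $paths) {
    $enabled = [bool](Get-WebConfigurationProperty -PSPath $path -Filter $section -Name enableKernelCache).Value

    # Only touch configuration when asked to, the update is not recorded, and caching is still on.
    if ($ApplyWorkaround -and -not $hotfix -and $enabled) {
        Set-WebConfigurationProperty -PSPath $path -Filter $section -Name enableKernelCache -Value $false
        $enabled = $false
    }

    [pscustomobject]@{
        Computer           = $env:COMPUTERNAME
        ConfigPath         = $path
        UpdateRecorded     = [bool]$hotfix
        HttpSysVersion     = $httpSysVersion
        KernelCacheEnabled = $enabled
        NeedsAttention     = (-not $hotfix) -and $enabled
    }
}
```

Disabling kernel caching costs performance, so treat it as a stopgap until the update is installed.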
