Details On An Important Microsoft IIS Vulnerability
Added on: 04.15.15, by Jeff Wilhelm
A remote code execution vulnerability exists in the Windows HTTP stack that is caused when HTTP.SYS parses specially-crafted HTTP requests. An attacker who has successfully exploited this vulnerability could execute arbitrary code under the SYSTEM context. Details of the bug are withheld, but exploit code is floating around. Microsoft describes the issue in security bulletin MS15-034. An update (KB3042553) is already available for all supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2. As a workaround, Microsoft offers disabling IIS kernel caching.
Disable kernel caching (https://technet.microsoft.com/en-us/library/cc731903(v=ws.10).aspx)
MS Security Bulletin: