IIS Remote Code Execution Vulnerability and Patches

SharePoint Admins:

Time to patch your Windows Server 2008/R2, 2012/R2, and Windows 7,8, 8.1 OS if you are running IIS or http.sys.  You have to love kernel caching for IIS, which should be disabled.  A simple curl request can BSOD a server, and according to the bulletin, allow remote code execution under a system account.

Microsoft Security Bulletin MS15-034 – Critical

Vulnerability in HTTP.sys Could Allow Remote Code Execution (3042553)

Executive Summary

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a specially crafted HTTP request to an affected Windows system [also BSOD].This security update is rated Critical for all supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2. For more information, see the Affected Software section.

The security update addresses the vulnerability by modifying how the Windows HTTP stack handles requests. For more information about the vulnerability, see the Vulnerability Information section.

For more information about this document, see Microsoft Knowledge Base Article 3042553.

https://technet.microsoft.com/library/security/MS15-034

Special Thanks:

https://ma.ttias.be/remote-code-execution-via-http-request-in-iis-on-windows/

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s