IIS Remote Code Execution Vulnerability and Patches

SharePoint Admins:

Time to patch your Windows Server 2008/R2, 2012/R2, and Windows 7, 8, 8.1 OS if you are running IIS or http.sys. You have to love kernel caching for IIS, which should be disabled. A simple curl request can BSOD a server and, according to the bulletin, allow remote code execution under a system account.

Microsoft Security Bulletin MS15-034 – Critical

Vulnerability in HTTP.sys Could Allow Remote Code Execution (3042553)

Executive Summary

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a specially crafted HTTP request to an affected Windows system [also BSOD]. This security update is rated Critical for all supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2. For more information, see the Affected Software section.

The security update addresses the vulnerability by modifying how the Windows HTTP stack handles requests. For more information about the vulnerability, see the Vulnerability Information section.

For more information about this document, see Microsoft Knowledge Base Article 3042553.

https://technet.microsoft.com/library/security/MS15-034
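
An added check, not from the original post or from Microsoft: a PowerShell audit for one server that reports whether the update named in the bulletin (KB3042553) is recorded as installed and where IIS kernel caching is still enabled. It assumes a local elevated session and the WebAdministration module; the function names are hypothetical.

```powershell
# Added example: audit one server for the MS15-034 update and IIS kernel caching.
# Assumption: run locally in an elevated PowerShell session.
$KbId = 'KB3042553'   # KB number taken from the bulletin title

function Test-Ms15034Hotfix {
    param([string]$Id = $KbId)
    # Get-HotFix raises an error when the id is absent, so suppress it
    # and convert "object or nothing" into a boolean.
    return [bool](Get-HotFix -Id $Id -ErrorAction SilentlyContinue)
}

function Get-KernelCacheState {
    # Returns nothing when the IIS management module is not installed.
    if (-not (Get-Module -ListAvailable -Name WebAdministration)) { return }
    Import-Module WebAdministration

    # Check the server-level setting first, then every site,
    # because a site can override the inherited value.
    $paths = @('MACHINE/WEBROOT/APPHOST')
    $paths += Get-Website | ForEach-Object { "IIS:\Sites\$($_.Name)" }

    foreach ($path in $paths) {
        $attr = Get-WebConfigurationProperty -PSPath $path `
            -Filter 'system.webServer/caching' -Name 'enableKernelCache'
        [pscustomobject]@{
            Path              = $path
            EnableKernelCache = [bool]$attr.Value
        }
    }
}

$patched = Test-Ms15034Hotfix
$cache   = @(Get-KernelCacheState)

[pscustomobject]@{
    Computer            = $env:COMPUTERNAME
    HotfixRecorded      = $patched
    KernelCacheEnabledAt = ($cache | Where-Object EnableKernelCache).Path -join '; '
}

if (-not $patched) {
    Write-Warning "$KbId is not recorded on $env:COMPUTERNAME; confirm patch level before exposing HTTP.sys."
}
```

Get-HotFix lists updates under their own KB numbers, so a host patched by a later update that replaces this one will report `HotfixRecorded` as false; confirm against the bulletin's Affected Software section before treating that as exposure.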

Special Thanks:

https://ma.ttias.be/remote-code-execution-via-http-request-in-iis-on-windows/