Remote Code Execution Vulnerability Found in Windows HTTP

EXP:CVE-2015-1635


HTTP.sys (IIS) DoS and Possible Remote Code Execution (MS15-034, CVE-2015-1635)

Microsoft has disclosed a remote code execution vulnerability in the Windows HTTP protocol stack. CVE-2015-1635 is an overflow vulnerability in HTTP.sys affecting all actively supported OS versions. A successful exploit allows remote attackers to execute arbitrary code or, via crafted HTTP requests, to trigger an unrecoverable error that causes a denial of service.

Additional information can be found at:

https://technet.microsoft.com/en-us/library/security/ms15-034.aspx

https://isc.sans.edu/forums/diary/MS15034+HTTPsys+IIS+DoS+And+Possible

Recommendations

  • We recommend patching all IIS servers immediately

Systems Affected

  • Microsoft Windows 7 SP1
  • Windows Server 2008 R2 SP1
  • Windows 8
  • Windows 8.1
  • Windows Server 2012 Gold and R2

Vulnerable Versions

All actively supported Microsoft OS versions

Patches

Due to the high volume of proof-of-concept exploits published over the past couple of days, we strongly advise patching any vulnerable systems as soon as possible:

https://support.microsoft.com/en-us/kb/3042553

Alert Detection

The Masergy Threat Intelligence Team has deployed the following alerts to detect the exploitation of this vulnerability.

EXP:CVE-2015-1635

Possible inbound IIS integer overflow exploit attempt. CVE-2015-1635 is an overflow vulnerability in HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 that allows remote attackers to execute arbitrary code or cause a denial of service via crafted HTTP requests.
