Remote Code Execution Vulnerability Found in Windows HTTP
HTTP.sys (IIS) DoS and Possible Remote Code Execution (MS15-034, CVE-2015-1635)
Microsoft has disclosed a remote code execution vulnerability in the Windows HTTP protocol stack. CVE-2015-1635 is an overflow vulnerability in HTTP.sys affecting all actively supported OS versions. A successful exploit allows remote attackers to execute arbitrary code, or to trigger an unrecoverable error that results in a denial of service, via crafted HTTP requests.
Affected systems (all actively supported Microsoft OS versions):
- Microsoft Windows 7 SP1
- Windows Server 2008 R2 SP1
- Windows 8
- Windows 8.1
- Windows Server 2012 Gold and R2
We recommend patching all IIS servers immediately. Due to the high volume of proof-of-concept exploits published over the past couple of days, we strongly advise patching any vulnerable systems as soon as possible.
Additional information can be found at: https://support.microsoft.com/en-us/kb/3042553
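Applying the update is only half the job; the other half is confirming it actually landed on every IIS host. The PowerShell check below is an added example, not Masergy's or Microsoft's own tooling. It queries a constructed list of server names for KB3042553 (the update linked above) and reports any host that is still missing it or could not be queried. The server names are placeholders; Get-HotFix needs remote management access (WinRM or DCOM) to each host, and it reads the Win32_QuickFixEngineering class, so it only sees updates installed through Windows Update or WUSA.

```powershell
# Added example: verify that KB3042553 (the MS15-034 fix) is installed on IIS hosts.
# Server names below are constructed placeholders; replace them with your own inventory.
$Servers = @('iis-web-01', 'iis-web-02', 'iis-web-03')
$KB      = 'KB3042553'

$Results = foreach ($Server in $Servers) {
    try {
        # -ErrorAction Stop makes a connection failure (and, on newer PowerShell
        # versions, a "hotfix not found" result) a terminating error we can catch.
        $Fix = Get-HotFix -Id $KB -ComputerName $Server -ErrorAction Stop

        if ($Fix) {
            [PSCustomObject]@{
                Server      = $Server
                Patched     = $true
                InstalledOn = $Fix.InstalledOn
                Status      = 'Patched'
            }
        }
        else {
            # Older PowerShell versions return nothing (no error) when the KB is absent.
            [PSCustomObject]@{
                Server      = $Server
                Patched     = $false
                InstalledOn = $null
                Status      = 'Missing'
            }
        }
    }
    catch {
        # Unreachable host or explicit "not found": report the reason rather than
        # silently treating the host as patched.
        [PSCustomObject]@{
            Server      = $Server
            Patched     = $false
            InstalledOn = $null
            Status      = "Missing or unreachable: $($_.Exception.Message)"
        }
    }
}

$Results | Format-Table -AutoSize

# Exit non-zero if any host is unpatched so the script can gate a scheduled compliance job.
if ($Results | Where-Object { -not $_.Patched }) { exit 1 }
```

Hosts reported as "Missing or unreachable" need a follow-up either way: an unreachable web server is one you cannot confirm is patched, and a successful exploit against an unpatched one leads to a crash or code execution as described above.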
The Masergy Threat Intelligence Team has deployed the following alerts to detect the exploitation of this vulnerability.
- Possible inbound IIS integer overflow exploit attempt: CVE-2015-1635 is an overflow vulnerability in HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 that allows remote attackers to execute arbitrary code or cause a denial of service via crafted HTTP requests.