
Microsoft MS15-034 (HTTP.sys DoS, Memory Disclosure and potential Remote Code Execution)

Discussion in 'Basefarm' started by RSS, Apr 16, 2015.

  1. RSS

    RSS New Member Member

    As mentioned in our post for Patch Tuesday April 2015, MS15-034 now has a working exploit which causes a DoS for unpatched Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2, if they’re running a service that’s using IIS (or any other service using HTTP.sys) and have kernel caching turned on (which it is by default).

    This DoS is extremely simple to cause (just a simple curl/wget), and will cause your server to have a BSOD.

    Update: It seems like this issue also does information disclosure à la Heartbleed. With small modifications to yesterday's published exploit one can disclose memory regions from a vulnerable server.
    There have also been rumours that Exchange servers with autodiscovery turned on are vulnerable to DNS hijacking/corruption.

    There are various ways to see if you are vulnerable, but they are not fool-proof and because of this it is extremely advised to just apply the patch.

    It is just a matter of time now before a remote code execution exploit is released, which means someone would gain control of your server, so do not wait to patch your systems.
