Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Recently Patched Windows Flaw Exploited in the Wild for DoS Attacks

SANS Institute researchers advise system administrators to update their Windows operating systems as soon as possible because one of the critical vulnerabilities patched by Microsoft earlier this week is being exploited in the wild.

SANS Institute researchers advise system administrators to update their Windows operating systems as soon as possible because one of the critical vulnerabilities patched by Microsoft earlier this week is being exploited in the wild.

The vulnerability in question, CVE-2015-1635 or MS15-034, plagues the HTTP protocol stack (HTTP.sys). The component is used in Internet Information Services (IIS) versions found in Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2.

Rated “critical” by Microsoft, the security hole can be exploited by sending specially crafted HTTP requests to an affected system. According to Microsoft, the flaw can be exploited for remote code execution.

While so far no one appears to have been able to develop an exploit for remote code execution, a denial-of-service (DoS) exploit was made publicly available shortly after Microsoft announced patching the vulnerability. On Thursday, researchers at the SANS Institute reported seeing Internet-wide attempts to take down vulnerable systems by exploiting this vulnerability.

Johannes Ullrich, Chief Technology Officer of the SANS Internet Storm Center, noted that the hits detected by their honeypots are not just scans performed by someone who might be trying to determine if systems are vulnerable. Instead, they are DoS attacks designed to disrupt affected systems.

Errata Security has attempted to conduct an Internet-wide scan to determine how many web servers are vulnerable, but the results of the test are inconclusive. On the other hand, Netcraft says more than 70 million websites hosted on a total of roughly 900,000 servers could be vulnerable.

Advertisement. Scroll to continue reading.

Ullrich has noted that the vulnerability can also be leveraged for information disclosure, but the proof-of-concept exploits developed so far are not reliable.

Administrators are urged to install the updates provided by Microsoft to protect their systems against attacks. A workaround described by Microsoft involves disabling IIS kernel caching, but the company warns that this can cause performance issues.

Some experts have also pointed out that IIS is possibly not the only vulnerable piece of software because the HTTP.sys component is used for other services as well.

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

James Phillips has been promoted to the role of Vice President, Cybersecurity Risk Management at AT&T.

Rafal Los has joined Binary Defense as Chief Strategy Officer.

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.