Virtual Event Now Live: Zero Trust Strategies Summit! - Login for Access
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Recently Patched Windows Flaw Exploited in the Wild for DoS Attacks

SANS Institute researchers advise system administrators to update their Windows operating systems as soon as possible because one of the critical vulnerabilities patched by Microsoft earlier this week is being exploited in the wild.

SANS Institute researchers advise system administrators to update their Windows operating systems as soon as possible because one of the critical vulnerabilities patched by Microsoft earlier this week is being exploited in the wild.

The vulnerability in question, CVE-2015-1635 or MS15-034, plagues the HTTP protocol stack (HTTP.sys). The component is used in Internet Information Services (IIS) versions found in Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2.

Rated “critical” by Microsoft, the security hole can be exploited by sending specially crafted HTTP requests to an affected system. According to Microsoft, the flaw can be exploited for remote code execution.

While so far no one appears to have been able to develop an exploit for remote code execution, a denial-of-service (DoS) exploit was made publicly available shortly after Microsoft announced patching the vulnerability. On Thursday, researchers at the SANS Institute reported seeing Internet-wide attempts to take down vulnerable systems by exploiting this vulnerability.

Johannes Ullrich, Chief Technology Officer of the SANS Internet Storm Center, noted that the hits detected by their honeypots are not just scans performed by someone who might be trying to determine if systems are vulnerable. Instead, they are DoS attacks designed to disrupt affected systems.

Errata Security has attempted to conduct an Internet-wide scan to determine how many web servers are vulnerable, but the results of the test are inconclusive. On the other hand, Netcraft says more than 70 million websites hosted on a total of roughly 900,000 servers could be vulnerable.

Ullrich has noted that the vulnerability can also be leveraged for information disclosure, but the proof-of-concept exploits developed so far are not reliable.

Administrators are urged to install the updates provided by Microsoft to protect their systems against attacks. A workaround described by Microsoft involves disabling IIS kernel caching, but the company warns that this can cause performance issues.

Advertisement. Scroll to continue reading.

Some experts have also pointed out that IIS is possibly not the only vulnerable piece of software because the HTTP.sys component is used for other services as well.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Threat intelligence firm Intel 471 has appointed Mark Huebeler as its COO and CFO.

Omkhar Arasaratnam, former GM at OpenSSF, is LinkedIn's first Distinguised Security Engineer

Defense contractor Nightwing has appointed Tricia Fitzmaurice as Chief Growth Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.