Article ID: 125231, created on Apr 16, 2015, last review on Apr 16, 2015

  • Applies to:
  • Operations Automation
  • Business Automation

Symptoms

A remote code execution vulnerability exists in the HTTP protocol stack (HTTP.sys) that is caused when HTTP.sys improperly parses specially crafted HTTP requests. An attacker who successfully exploited this vulnerability could execute arbitrary code in the context of the System account.

To exploit this vulnerability, an attacker would have to send a specially crafted HTTP request to the affected system. The update addresses the vulnerability by modifying how the Windows HTTP stack handles requests.

The crafted request uses the Range header to trigger a buffer overflow, and such a request can also be used to detect whether the system is vulnerable. Sending it can trigger a blue screen on the Windows Server, effectively taking it offline.
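As an added example (not part of the original article or of Microsoft's bulletin), the following Python check flags Range headers whose byte offsets are malformed or implausibly large in requests recorded at a proxy or WAF in front of the server. The 1 TiB limit, the function names and the sample requests are assumptions constructed for illustration.

```python
import re

# Assumption (not from the article): no object served exceeds 1 TiB, so any
# byte offset above that in a Range header is treated as anomalous.
MAX_PLAUSIBLE_OFFSET = 1 << 40
RANGE_SPEC = re.compile(r"^(\d*)-(\d*)$")

def check_range_header(value, limit=MAX_PLAUSIBLE_OFFSET):
    """Return a list of findings for one Range header value (empty = normal)."""
    unit, sep, specs = value.strip().partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return ["not a bytes range: %r" % value.strip()]
    findings = []
    for spec in (s.strip() for s in specs.split(",")):
        m = RANGE_SPEC.match(spec)
        if not m or not (m.group(1) or m.group(2)):
            findings.append("malformed range spec: %r" % spec)
            continue
        first, last = m.group(1), m.group(2)
        for name, digits in (("first", first), ("last", last)):
            if digits and int(digits) > limit:
                findings.append("%s offset exceeds limit in %r" % (name, spec))
        if first and last and int(first) > int(last):
            findings.append("first > last in %r" % spec)
    return findings

def scan_requests(raw_requests, limit=MAX_PLAUSIBLE_OFFSET):
    """Return (request line, findings) for each request with a suspicious Range."""
    hits = []
    for raw in raw_requests:
        lines = raw.split("\r\n")
        for header in lines[1:]:
            name, _, val = header.partition(":")
            if name.strip().lower() == "range":  # header names are case-insensitive
                findings = check_range_header(val, limit)
                if findings:
                    hits.append((lines[0], findings))
    return hits

# Constructed sample requests (not captured traffic).
SAMPLE_REQUESTS = [
    "GET /video.mp4 HTTP/1.1\r\nHost: example.test\r\nRange: bytes=0-1023\r\n\r\n",
    "GET /doc.pdf HTTP/1.1\r\nHost: example.test\r\nRange: bytes=500-\r\n\r\n",
    "GET / HTTP/1.1\r\nHost: example.test\r\nRange: bytes=0-99999999999999999999999\r\n\r\n",
    "GET /a.css HTTP/1.1\r\nHost: example.test\r\nrange: bytes=abc\r\n\r\n",
]

if __name__ == "__main__":
    for request_line, findings in scan_requests(SAMPLE_REQUESTS):
        print(request_line, "->", "; ".join(findings))
```

A hit from this check is a reason to confirm that the host has the update installed, not proof of compromise.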

Cause

The MS15-034 security vulnerability. More details can be found at:

http://technet.microsoft.com/security/bulletin/MS15-034

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1635

Vulnerable Server systems (including Server Core installations):

  • Windows Server 2008 R2 for x64-based Systems Service Pack 1

  • Windows Server 2012

  • Windows Server 2012 R2

Resolution

Install the latest Microsoft updates for the OS version in use:

Odin Service Automation functionality is not affected by these updates.

Search Words

overflow

range IIS

MS15-034

CVE-2015-1635
