Microsoft’s HTTP stack is falling down – Urgent action required

binary-system-557605_1280This week saw the latest patch Tuesday release from the overworked security engineering team at Microsoft.

The release included 4 critical issues which are all serious, however one of them is in the general view of the security community, much more serious than others.

MS15-034 reports a bug in Microsoft’s HTTP stack which allows remote code execution on any machine responding to HTTP requests including servers (obviously IIS servers) and desktops which might be running an HTTP receiver – things like peer to peer messaging, configuration tools or even something nasty already running that you don’t know about.

What makes this really bad is that proof of concept code is doing the rounds on the Internet as you are reading this and we are expecting probing on an unprecedented level over the coming days and weeks.

What does this mean? It means that if you do anything, implement MS15-034 as soon as possible.

If you are running IIS server and for some reason cannot implement the patch, there is a workaround, which you can apply before the patch, which is to disable IIS kernel caching, which is enabled by default in IIS 7 onwards. This is detailed in the Microsoft bulletin.

In other grim news there is a new version of Adobe Flash that fixes no fewer than 22 vulnerabilities, which along with the other Microsoft critical patches should keep you busy.

Our engineers will be looking for IIS server kernel errors which are an indicator that the machine is being probed on behalf of our NetSure360° managed security customers.

As we are always telling you, our award winning NetSure360° platform can really help with patching decisions, providing details on what you are vulnerable to down to versions of code running on individual users machines enabling you to best focus your efforts.

If you would like us to tell you more about how NetSure360° works, how we deploy it or in fact discuss anything about security with you, please contact us on: [email protected] or 020 7517 3900.