Vulnerabilities / Threats

4/16/2015
12:30 PM
Connect Directly
Twitter
RSS
E-Mail
100%
0%

Microsoft Zero-Day Bug Being Exploited In The Wild

As attacks mount, and over 70 million websites remain vulnerable, advice is "fix now."

A critical remote code execution vulnerability affecting the Windows HTTP protocol stack is being actively exploited in the wild, according to the SANS Internet Storm Center. MS15-034 affects Windows 7, 8, and 8.1, Windows Server 2008 R2, 2012, and 2012 R2. It can be exploited by sending a specially crafted HTTP request to a vulnerable server.  

"The problem is that this will easily crash systems," says Johannes Ullrich, CTO of the SANS Internet Storm Center. "It is not a denial of service, and not easily a data leakage issue like Heartbleed. But even crashing millions of IIS servers could cause significant impact, as many large sites use IIS."

The good news is that this vulnerability was only introduced in relatively new IIS releases, so it does not impact sites that use Windows Server 2003. So, according to Netcraft's latest Web Server Survey, while more than 70 million websites could be vulnerable, the 130 million sites that run IIS on Server 2003 "would appear to be safe."

Microsoft patched the vulnerability Tuesday. Disabling IIS kernel caching would be a workaround, but would cause performance issues.

Ullrich confirms that the attacks hitting the SANS honeypots are indeed attackers, not just security researchers running tests. 

"These are real attackers, as they use the version of the exploit that will crash systems," Ullrich says. "The exploit used by researchers did not crash systems. There is currently remote code execution exploit in sight."

"We rated it the top bulletin this month," says Qualys CTO Wolfgang Kandek, "because the code is known to attackers already and it does not look to be very difficult [to exploit]. With Microsoft publishing the bulletin, the current owners of the exploit will most likely sell it off to as many interested parties as possible to get maximum benefit from its now limited lifespan. I continue to rank it as: 'Fix as quickly as possible.'"

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
White House Cybersecurity Strategy at a Crossroads
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/17/2018
Lessons from My Strange Journey into InfoSec
Lysa Myers, Security Researcher, ESET,  7/12/2018
What's Cooking With Caleb Sima
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-14332
PUBLISHED: 2018-07-19
An issue was discovered in Clementine Music Player 1.3.1. Clementine.exe is vulnerable to a user mode write access violation due to a NULL pointer dereference in the Init call in the MoodbarPipeline::NewPadCallback function in moodbar/moodbarpipeline.cpp. The vulnerability is triggered when the user...
CVE-2018-1529
PUBLISHED: 2018-07-19
IBM Rational DOORS Next Generation 5.0 through 5.0.2, 6.0 through 6.0.5 and IBM Rational Requirements Composer 5.0 through 5.0.2 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potential...
CVE-2018-1535
PUBLISHED: 2018-07-19
IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alteri...
CVE-2018-1536
PUBLISHED: 2018-07-19
IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alteri...
CVE-2018-1585
PUBLISHED: 2018-07-19
IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alteri...