Attackers actively downing Microsoft’s IIS web servers

Attackers are actively exploiting a DoS vulnerability (CVE-2015-1635) affecting Microsoft’s Internet Information Services (IIS) extensible web server, SANS ISC CTO Johannes Ullrich warns, and urges administrators to close the hole as soon as possible.

The patch for the flaw was released by Microsoft on Tuesday.

“In its advisory, Microsoft considered the vulnerability as a remote code execution vulnerability. But at this point, no exploit has been made public that executed code. Only DoS exploits are available,” noted Ullrich.

“To exploit this vulnerability, an attacker would have to send a specially crafted HTTP request to the affected system,” Microsoft noted.

Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2 running IIS are affected.

Ullrich has provided code for a request to send to the server in order to check whether it’s vulnerable and a Snort rule that should protect affected servers against exploits.




Share this