21 Apr

A critical security bulletin – multiple Microsoft products

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a specially crafted HTTP request to an affected Windows system.

This security update is rated Critical for all supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2. For more information, see the Affected Software section.

The security update addresses the vulnerability by modifying how the Windows HTTP stack handles requests. For more information about the vulnerability, see the Vulnerability Information section.

For more information about this document, see Microsoft Knowledge Base Article 3042553.

Bulletin: https://technet.microsoft.com/library/security/ms15-034

Another Write Up: https://ma.ttias.be/remote-code-execution-via-http-request-in-iis-on-windows/?hn

Hacker News Discussion: https://news.ycombinator.com/item?id=9380468