SimplerCloud Pte Ltd

News: Critical Alert: HTTP.sys Remote Code Execution Vulnerability Affecting Windows Systems - CVE-2015-1635

Published: 17/04/2015

Reference: Microsoft Security Bulletin MS15-034 - Critical - Vulnerability in HTTP.sys Could Allow Remote Code Execution (3042553)

This advisory is provided as a courtesy.

We would like to bring to your attention a newly discovered security bug affecting Microsoft Windows systems. The vulnerability could allow remote code execution if an attacker sends a specially crafted HTTP request to an affected Windows system. This vulnerability is rated as Critical and all customers' Windows systems are affected. You are strongly advised to apply the relevant fixes to any affected systems immediately.

Impact

The vulnerability could allow remote code execution if an attacker sends a specially crafted HTTP request to an affected Windows server.

Affected Operating Systems

Windows 7

Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1

Windows Server 2008 R2

Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

Windows 8 and Windows 8.1

Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems

Windows Server 2012 and Windows Server 2012 R2

Windows Server 2012
Windows Server 2012 R2

Server Core installation option

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)

How To Check If Affected

To check whether your Windows system is affected, you can use the URL below:

https://lab.xpaw.me/MS15-034/

Key in your Windows system's hostname or IP address. Note that this check script is provided by an external third-party site.

How To Fix The Vulnerability

To fix this problem and to ensure that your servelets/servers are not affected by this vulnerability, please install the latest patches by running Windows Update. On most Windows systems, log in as Administrator and then go to Start > All Programs > Windows Update.

Customers are advised to run Windows Update to patch their servelets/servers immediately.
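
To confirm the result locally after Windows Update has finished, a check such as the following can be run in an elevated Windows PowerShell session on the server. This is an added example, not part of the original advisory or of Microsoft's tooling; the function name Test-HttpSysPatch is hypothetical, and it assumes the update is recorded under the bulletin's number, KB3042553.

```powershell
# Added example (not from the advisory): local post-patch check for MS15-034.
# Uses only cmdlets available in Windows PowerShell 2.0, as shipped with
# Windows 7 / Server 2008 R2.
function Test-HttpSysPatch {                # hypothetical helper name
    param([string]$KbId = 'KB3042553')      # KB number from the bulletin title

    $os  = Get-WmiObject -Class Win32_OperatingSystem
    $ver = [version]$os.Version

    # OS families listed in the advisory:
    #   6.1 = Windows 7 / Server 2008 R2
    #   6.2 = Windows 8 / Server 2012
    #   6.3 = Windows 8.1 / Server 2012 R2
    $inScope = ($ver.Major -eq 6) -and ($ver.Minor -ge 1) -and ($ver.Minor -le 3)

    # Get-HotFix raises a non-terminating error when the KB is absent,
    # so suppress it and treat $null as "not listed".
    $hotfix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue

    # Servicing creates this key while an installed update is waiting for a
    # restart; until then the previous HTTP.sys driver may still be loaded.
    $rebootKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
    $rebootPending = Test-Path $rebootKey

    if (-not $inScope) {
        $status = "OS version is not in the advisory's affected list"
    } elseif (-not $hotfix) {
        $status = "$KbId not listed: run Windows Update, or confirm a later update that replaces it is installed"
    } elseif ($rebootPending) {
        $status = "$KbId installed, restart pending: reboot to load the updated driver"
    } else {
        $status = "$KbId installed"
    }

    New-Object PSObject -Property @{
        Computer      = $env:COMPUTERNAME
        OS            = $os.Caption
        Version       = $os.Version
        InstalledOn   = $hotfix.InstalledOn   # empty when the KB is not listed
        RebootPending = $rebootPending
        Status        = $status
    }
}

Test-HttpSysPatch | Format-List Computer, OS, Version, InstalledOn, RebootPending, Status
```

A "not listed" result is a prompt to review the update history, not proof that the system is vulnerable.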

More information:

Microsoft Security Bulletin MS15-034 - Critical
Microsoft Zero-Day Bug Being Exploited In The Wild
4 no-bull facts about Microsoft's HTTP.sys vulnerability


Request Assistance

If needed, we will perform the patch installation for you at a one-time discounted fee of $45. Please submit your order at Order -> Additional Services -> Select Vulnerability Fix - WINDOWS: HTTP.sys; Schannel; Freak Attack (Win) $45

Alternatively, please first open a support ticket and give us the hostname, IP address and OS template. You can find this information on your servelet's control panel.

For example:

Hostname: your-servelet-hostname
IP Address: 103.25.0.3
OS Template: Windows Server 2012 R2 (64-bit)

Thank you.

SimplerCloud Support Team