What You Should Know About Microsoft’s HTTP.sys Vulnerability

Posted by Christal Fleishman - April 20, 2015 - Important Information

Secured data transferMicrosoft has published details about a vulnerability (MS15-034) that affects the Windows HTTP stack. This vulnerability may allow an attacker to send a remote code execution that is crafted specifically for an HTTP request to an affected Windows system.

In English? Your Windows servers and operating systems could be vulnerable to Denial of Service (DoS) attacks. A DoS attack is a malicious attempt to make a server or network resource unavailable to users. Typically the attacker will temporarily interrupt or suspend the service of a host connected to the Internet.

The good news is Windows has already deployed a patch to fix this critical vulnerability. The patch will protect you from the vulnerability by modifying the way Windows HTTP stack handles requests. It is highly recommended that you patch all systems immediately. Patching can be done by simply applying your Microsoft Security Updates and then rebooting your server or workstation.

If you're unable to patch your system at this time there is a temporary workaround. The workaround involves disabling the IIS kernel caching, but we do caution you that this action could cause performance issues.

While Windows and Microsoft alerts are a common buzz in the tech world, it is important to pay attention to news and information about your frequently used systems.

For more information on how technology can work for you subscribe to our blog at http://blog.symquest.com.

 

about the author

Christal Fleishman

Christal Fleishman is SymQuest’s Marketing Manager based in South Burlington, VT. As a modern millennial marketer, Fleishman manages all aspects of advertising for SymQuest including branding, social media, lead generation, campaign management, and strategic planning.

Christal Fleishman
LinkedIn

Comments