Microsoft Security Bulletin MS15-034

A remote code execution vulnerability exists in the Microsoft HTTP protocol stack (HTTP.sys) that is caused when HTTP.sys improperly parses specially crafted HTTP requests. An attacker successfully exploiting this vulnerability could execute arbitrary code in the context of the System account. Affected systems are Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2 and Server Core. The Microsoft announcemnet is here: https://technet.microsoft.com/library/security/MS15-034.

It has been assigned CVE-2015-1635: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1635

Currently proof of concept code exists which attempts to trigger a buffer overflow using the Range header in the HTTP request. This can cause Windows machines to "bluescreen".

Risk: Critical

Aura currently rates this vulnerability as a critical risk.

RedShield Cloud

RedShield has implemented specific mitigation signatures to detect this activity within applications protected by RedShield Cloud. At this stage, given the available information, we believe RedShield Cloud customers are protected from this vulnerability as of 11.00am 16th April 2015.

RedShield customers are certainly protected from the currently known variant of this attack, using the Range header attack vector.