Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

MS15-034 flaw leaves over 70 million sites vulnerable to cyber attacks

Security experts worldwide have discovered that threat actors are exploiting the Microsoft Zero-Day vulnerability MS15-034 in cyber attacks. Security researchers at SANS Internet Storm Center revealed that the critical remote code execution vulnerability MS15-034 affecting the Windows HTTP protocol stack is being actively exploited in the wild. The experts explained that the MS15-034 flaw affects […]

January 2018 CVE-2018-0986Patch Tuesday

Security experts worldwide have discovered that threat actors are exploiting the Microsoft Zero-Day vulnerability MS15-034 in cyber attacks.

Security researchers at SANS Internet Storm Center revealed that the critical remote code execution vulnerability MS15-034 affecting the Windows HTTP protocol stack is being actively exploited in the wild. The experts explained that the MS15-034 flaw affects Windows 7, 8, and 8.1, Windows Server 2008 R2, 2012, and 2012 R2 leaving over 70 million websites vulnerable to cyber attacks.

“This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a specially crafted HTTP request to an affected Windows system.” states the Microsoft security bulletin.

The vulnerability resides in new IIS releases and does not impact sites that use Windows Server 2003.

The exploitation of the flaw is quite easy, attackers just need to send a specially crafted HTTP request to a vulnerable ISS server.

“The problem is that this will easily crash systems,” says Johannes Ullrich, CTO of the SANS Internet Storm Center. “It is not a denial of service, and not easily a data leakage issue like Heartbleed. But even crashing millions of IIS servers could cause significant impact, as many large sites use IIS.”

Microsoft has patched the MS15-034 flaw this week by disabling IIS kernel caching, but experts warn that this solution would cause performance decrease.

To better understand the real impact of the flaw let consider more than 70 million websites are potentially vulnerable according a survey conducted by the Netcraft firm.

“Netcraft’s latest Web Server Survey shows more than 70 million websites could be vulnerable, including Microsoft IIS servers that sit behind non-Windows load balancers. The total number of servers involved in hosting these sites stands at around 900,000, which is more than a sixth of all web-facing computers in the world.” wrote Netcraft in a blog post.

Security experts at Sans and at Qualys warned that the attack observed were conducted using an exploit code that could be easy to find in the criminal ecosystem.

“These are real attackers, as they use the version of the exploit that will crash systems,” Ullrich says. “The exploit used by researchers did not crash systems. There is currently remote code execution exploit in sight.”

MS15-034 code_snippet

“We rated it the top bulletin this month,” says Qualys CTO Wolfgang Kandek, “because the code is known to attackers already and it does not look to be very difficult [to exploit]. With Microsoft publishing the bulletin, the current owners of the exploit will most likely sell it off to as many interested parties as possible to get maximum benefit from its now limited lifespan. I continue to rank it as: ‘Fix as quickly as possible.'”

The experts urge to update the systems in order to patch the MS15-034 flaw.

Pierluigi Paganini

(Security Affairs –  MS15-034, Microsoft)