Hole On The Range — Time To Patch Windows Webservers

Posted on Apr 15, 2015
Share Button

TIMEA new vulnerability announced by Microsoft on Tuesday may allow attackers anywhere on the Internet to crash or take over Windows web servers with specially crafted HTTP (web) requests. The vulnerability is in the “Range” handling feature of Microsoft’s HTTP handling library.

This is one of the rare vulnerabilities that can be attacked directly and without having to trick humans to help. Exploits are showing up on the Internet so you best patch those Windows web servers as soon as possible!

See https://technet.microsoft.com/library/security/MS15-034 for details and a workaround.