SUBJECT: Microsoft Windows HTTP.sys Code Execution Vulnerability
TECH STACK: PHP before 5.3.12 and 5.4.x before 5.4.2
DATE(S) ISSUED: 05/11/2012
CRITICALITY: HIGH
OVERVIEW:
Microsoft Windows HTTP.sys Code Execution is a high-risk vulnerability and one of the most frequently found on networks around the world. This issue has been around since at least April 14, 2015, but has proven difficult to detect, difficult to resolve, or prone to being overlooked entirely.
Impact: HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka “HTTP.sys Remote Code Execution Vulnerability.”
The vulnerability affects Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows 8.1, Microsoft Server 2008, Microsoft Server 2012, and Microsoft Server 2012 R2, and it was discovered and disclosed on April 14, 2015. It is considered a critical vulnerability because an attacker can execute arbitrary code on the server.
NIST Description: HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."
https://nvd.nist.gov/vuln/detail/CVE-2015-1635
THREAT INTELLIGENCE:
CISA has added CVE-2015-1635 to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerability. This vulnerability is a frequent attack vector for malicious cyber actors of all types and poses significant risk to the federal enterprise.
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
SOLUTION:
To patch the HTTP.sys Code Execution Vulnerability (CVE-2015-1635), it is important All future security and non-security updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 require update 2919355 to be installed. We recommend that you install 2919355 on your Windows RT 8.1-based, Windows 8.1-based, or Windows Server 2012 R2-based computer in order to receive continued future updates.
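An added example, not part of the original advisory: a triage pass over an exported host inventory that flags systems whose OS name is on the affected list quoted above and, for the products named in the SOLUTION text, whether update 2919355 is present. The record schema (name, os, kbs), the status strings and the sample hosts are assumptions made for illustration; matching is by OS name only (service pack level is not checked), and the MS15-034 update itself is not checked because its KB number is not given on this page.

```python
import re

# Affected products, taken from the NIST description quoted in this advisory.
AFFECTED = [r"Windows 7\b", r"Windows Server 2008 R2\b",
            r"Windows 8(\.1)?\b", r"Windows Server 2012( R2)?\b"]
# Products for which the advisory says update 2919355 must be installed first.
NEEDS_PREREQ = [r"Windows RT 8\.1\b", r"Windows 8\.1\b",
                r"Windows Server 2012 R2\b"]
PREREQ_KB = "KB2919355"


def _matches(patterns, os_name):
    """True if any product pattern occurs in the OS name string."""
    return any(re.search(p, os_name, re.IGNORECASE) for p in patterns)


def triage(host):
    """Classify one inventory record {'name', 'os', 'kbs'} (hypothetical schema)."""
    os_name = host["os"]
    installed = {kb.upper() for kb in host.get("kbs", [])}
    if not _matches(AFFECTED, os_name):
        return "not-listed"
    if _matches(NEEDS_PREREQ, os_name) and PREREQ_KB not in installed:
        # Later updates will not install until the prerequisite is present.
        return "affected-prereq-missing"
    # OS is on the affected list; confirm MS15-034 is applied by other means.
    return "affected-verify-ms15-034"


def report(inventory):
    """Return {hostname: status} for every record in the inventory."""
    return {h["name"]: triage(h) for h in inventory}


# Constructed sample inventory (hostnames and KB sets are not real data).
SAMPLE = [
    {"name": "web01", "os": "Microsoft Windows Server 2012 R2 Standard",
     "kbs": ["kb2919355"]},
    {"name": "web02", "os": "Microsoft Windows Server 2012 R2 Datacenter",
     "kbs": []},
    {"name": "ws07", "os": "Microsoft Windows 7 Professional", "kbs": []},
    {"name": "db01", "os": "Microsoft Windows Server 2016 Standard", "kbs": []},
]

if __name__ == "__main__":
    for name, status in report(SAMPLE).items():
        print(f"{name:8} {status}")
```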
Here are the steps to update PHP on a Unix-based system (such as Linux or macOS):
$ php -v
REFERENCES:
MICROSOFT:MS15-034