Mitigation Instructions for CVE-2015-1635

Written by CyRisk Vulnerability Management Team | Mar 21, 2023 7:41:54 PM

SUBJECT: Microsoft Windows HTTP.sys Code Execution Vulnerability

TECH STACK: PHP before 5.3.12 and 5.4.x before 5.4.2

DATE(S) ISSUED: 05/11/2012

CRITICALITY: HIGH

OVERVIEW:

Microsoft Windows HTTP.sys Code Execution is a high-risk vulnerability that is one of the most frequently found on networks around the world. This issue has been around since at least April 14, 2015, but has proven either difficult to detect, difficult to resolve, or prone to being overlooked entirely.

Impact: HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka “HTTP.sys Remote Code Execution Vulnerability.”

The vulnerability affects Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows 8.1, Microsoft Server 2008, Microsoft Server 2012, and Microsoft Server 2012 R2, and it was discovered and disclosed on April 14, 2015. It is considered a critical vulnerability because an attacker can execute arbitrary code on the server.

NIST Description: HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."

https://nvd.nist.gov/vuln/detail/CVE-2015-1635

THREAT INTELLIGENCE:

CISA has added CVE-2015-1635 to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerability. This vulnerability is a frequent attack vector for malicious cyber actors of all types and poses significant risk to the federal enterprise. 

https://www.cisa.gov/known-exploited-vulnerabilities-catalog

SOLUTION:

To patch the HTTP.sys Code Execution Vulnerability (CVE-2015-1635), it is important to note that all future security and non-security updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 require update 2919355 to be installed. We recommend that you install 2919355 on your Windows RT 8.1-based, Windows 8.1-based, or Windows Server 2012 R2-based computer in order to receive continued future updates.

Here are the steps to update PHP on a Unix-based system (such as Linux or macOS):

  1. Check the version of PHP that is currently installed on your system. You can do this by running the following command:

$ php -v

Windows 10 and Windows 11

  1. Click the Start button (Windows icon) and choose Settings
  2. Click Update & security (Windows 10) or Windows Update (Windows 11)
  3. Click Check for updates and install the listed updates
  4. You may need to re-run the Check for Updates after installing the first set of updates, so repeat steps 1-4 until there are no further updates available. Even when the system reports 'No more important updates', this can be misleading, so click on this message and choose 'Get more info' and you may see there are further updates listed.

Windows 8 and Windows 8.1

  1. Move your cursor to the bottom left of the screen until you see the Start icon
  2. Right-click on the Start icon and choose Control Panel
  3. Search for Windows Update using the search box at the top right of the Control Panel
  4. Click Check for Updates and install the listed updates
  5. You may need to re-run the 'Check for Updates' after installing the first set of updates, so repeat steps 1-4 until there are no further updates available. Even when the system reports 'No more important updates', this can be misleading, so click on this message and choose 'Get more info' and you may see there are further updates listed.
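Because Windows Update can report that nothing is pending while updates remain, the result of the steps above can be confirmed from PowerShell. The script below is an added example, not code from CyRisk or Microsoft: the `-Ms15034Kb` parameter, the `Test-HotFix` helper and the mapping of the advisory's affected releases to kernel versions 6.1 to 6.3 are assumptions of this example, and the KB number has to be taken from the MS15-034 bulletin under REFERENCES because this page does not state it.

```powershell
# Added example (not vendor code): report whether this host is one of the
# releases the advisory lists as affected and whether the updates are listed.
param(
    # KB id of the MS15-034 update for this OS, e.g. "KB0000000" (placeholder).
    # Not stated on this page; take it from the bulletin under REFERENCES.
    [Parameter(Mandatory = $true)]
    [ValidatePattern('^KB\d+$')]
    [string]$Ms15034Kb
)

# Kernel versions of the releases named in the Impact paragraph
# (this mapping is an assumption of the example, not text from the page).
$affected = @{
    '6.1' = 'Windows 7 SP1 / Server 2008 R2 SP1'
    '6.2' = 'Windows 8 / Server 2012'
    '6.3' = 'Windows 8.1 / Server 2012 R2'
}

function Test-HotFix([string]$Id) {
    # Get-HotFix raises an error when the id is absent; treat that as "not listed".
    # An update superseded by a later rollup will also not appear under its own id.
    [bool](Get-HotFix -Id $Id -ErrorAction SilentlyContinue)
}

# Get-WmiObject is used so the script also runs on the PowerShell 2.0 of Windows 7.
$os         = Get-WmiObject -Class Win32_OperatingSystem
$majorMinor = ($os.Version -split '\.')[0..1] -join '.'
$inScope    = $affected.ContainsKey($majorMinor)

# Update 2919355 is the prerequisite the advisory names for 8.1 / 2012 R2 only.
$needsPrereq = $majorMinor -eq '6.3'
$hasPrereq   = if ($needsPrereq) { Test-HotFix 'KB2919355' } else { $null }
$hasFix      = Test-HotFix $Ms15034Kb

$status =
    if (-not $inScope)                        { 'Not in the advisory''s affected list' }
    elseif ($needsPrereq -and -not $hasPrereq) { 'Install update 2919355 first, then re-check' }
    elseif (-not $hasFix)                      { "$Ms15034Kb not listed: run Windows Update again" }
    else                                       { 'MS15-034 update is listed as installed' }

New-Object PSObject -Property @{
    Computer  = $env:COMPUTERNAME
    OS        = $os.Caption
    Version   = $os.Version
    KB2919355 = $hasPrereq
    MS15_034  = $hasFix
    Status    = $status
} | Select-Object Computer, OS, Version, KB2919355, MS15_034, Status
```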

REFERENCES:

MICROSOFT: MS15-034

URL: https://support.microsoft.com/en-us/topic/ms15-034-vulnerability-in-http-sys-could-allow-remote-code-execution-april-14-2015-e8755c1e-c5a8-fa75-c7b1-32087b127850