Advisory – HTTP.sys Remote Code Execution Vulnerability

A security vulnerability in various Microsoft Windows operating systems

A remote code execution vulnerability exists in the HTTP protocol stack (HTTP.sys) and has the Common Vulnerabilities and Exposures designation CVE-2015-1635. It is caused when HTTP.sys improperly parses specially crafted HTTP requests. An attacker who successfully exploited this vulnerability could execute arbitrary code in the context of the System account. Effectively, this security bug allows attackers to knock Windows web servers offline by sending a simple HTTP request, resulting in a blue screen of death.

Microsoft have fixed this with the recent Patch Tuesday round of updates.

For more information see:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1635
http://www.theregister.co.uk/2015/04/16/http_sys_exploit_wild_ms15_034/

Or search for ‘HTTP Pings of Death’ or ‘CVE-2015-1635’.

If you have any further questions, please email support@netnorth.co.uk

Regards
Netnorth Support
