Internet Storm Center identifies active exploit of vulnerability in http.sys

The Internet Storm Center has raised its Internet security alert stage to yellow as the organization sees widespread abuse of a critical vulnerability in the Windows component http.sys. Microsoft has patched the leak, but the hole is now being used for DDOs attacks.

According to the Internet Storm Center, “Internet-wide” network scans and exploits have been spotted looking for vulnerable web servers that have not yet patched the vulnerability in http.sys. The servers running IIS web server software on top of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1 and Windows Server 2012 R2 can thus become victims of DDOs attacks.

An estimate by security company Netcraft comes to a potential 70 million websites that are vulnerable on approximately 900,000 servers. Partly for this reason and the fact that more and more scans and exploits are being reported, the Internet Storm Center has raised the alert phase to yellow. The organization thus indicates that this is a dangerous security problem, the exact consequences of which are still unknown.

Microsoft released a patch earlier this week to close the security flaw. The software giant also stated that the vulnerability in http.sys can in certain cases be abused to take over a system by sending a modified http request. In addition to patching Windows, the caching mechanism of IIS can also be temporarily disabled, but this results in a loss of performance.