Symptoms
A remote code execution vulnerability exists in the HTTP protocol stack (HTTP.sys) that is caused when HTTP.sys improperly parses specially crafted HTTP requests. An attacker who successfully exploited this vulnerability could execute arbitrary code in the context of the System account.
To exploit this vulnerability, an attacker would have to send a specially crafted HTTP request to the affected system. The update addresses the vulnerability by modifying how the Windows HTTP stack handles requests.
Request is using the Range-header to trigger a buffer overflow and detect if the system is vulnerable or not. When sending such a request, it can trigger a blue screen on the Windows Server, effectively rendering it offline.
Cause
MS15-034 security vulnerability. More details can be found at
http://technet.microsoft.com/security/bulletin/MS15-034
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1635
Vulnerable Server systems (including Server Core installations):
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2012
- Windows Server 2012 R2
Resolution
Install latest Microsoft updates depending on the used OS version:
Odin Service Automation functionality is not affected by these updates.