Must Patch Microsoft MS15-034 ASAP

The patch was released on Tuesday.

Here is where it started, the CVE-2015-1635 description:

HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka “HTTP.sys Remote Code Execution Vulnerability.”

The vulnerability entry was created on 02/17/2015.

KB3042553 is what the fix is called once Microsoft creates the patch and schedules it for rollout to us on Tuesday, April the 14th:

[Image: KB3042553]

 

As soon as CVE-2015-1635 was created, a clock started: the clock of who will be first to get an exploit to attack machines.

 

This is the result:

[Image: Denial of Service attacks from CVE-2015-1635]

Let's review what happened.

A new CVE (Common Vulnerabilities and Exposures) entry is released at https://cve.mitre.org/ on 02/17/2015, which means that now all the hackers know there is a potential vulnerability: HTTP.sys Remote Code Execution.

So guess what will happen? Now the hackers will try and find a way to hack http.sys by using the current Metasploit attacks, and potentially changing the scripts to make a successful attack.

In the meantime, the Microsoft engineers have to figure out how to change the http.sys code so that it keeps all its functionality and fixes the vulnerability.

Notice there is a timeline now:

02/17/2015 – vulnerability exposed; Microsoft working on fix

02/17/2015 – hackers trying to create a valid exploit attacking http.sys

4/15/2015 – Microsoft releases patch

4/15/2015 – Internet Storm Center noticed their honeypots getting attacked using something that attacks this issue:

{Update: We are seeing active exploits hitting our honeypots from 78.186.123.180. We will be going to Infocon Yellow as these scans use the DoS version, not the “detection” version of the exploit. The scans appear to be “Internet wide”.}

Notice the Infocon Yellow upgrade due to the new vulnerability and attacks.

[Image: Internet Storm Center threat level yellow]

 

 

So you say, big deal: now everyone will patch their systems and the vulnerability will no longer be an issue. That would be true, but the problem is that not everyone patches their computers.

 

There are attacks on the Internet against 5-year-old vulnerabilities.

People are hacking Windows XP systems, which are obsolete: as of April 8th, 2014, Microsoft no longer creates patches for new vulnerabilities found in the software on a Windows XP machine. And we know that at least 3% of all computer systems are still Windows XP (which are very easy to hack).

This link explains what computers are accessing the Federal government: http://www.zdnet.com/article/the-federal-government-on-what-are-the-most-popular-us-end-user-operating-systems/

Windows 58.4%

iOS 16.4%

Macintosh 9.2%

Android 13.9%

Other 2%

Of the Windows machines:

Windows XP is 3.4%

Windows 7 is 41.5%

Windows 8.x is 11.1%

We recommend that you patch your systems once you have tested them, and upgrade away from Windows XP as soon as you can.
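One way to find the machines that still need the patch is an added example, not part of the original post: a Windows PowerShell script that reports, per host, whether KB3042553 is recorded as installed. The host names are constructed placeholders, and the kernel-version list is derived from the affected releases in the CVE description above.

```powershell
# Added example: report whether KB3042553 (the update this post names for
# CVE-2015-1635) is recorded as installed on each host.
param(
    [string[]]$ComputerName = @('web01', 'web02'),  # hypothetical host names
    [string]$KbId = 'KB3042553'                     # KB number taken from the post
)

# Kernel versions of the releases listed in the CVE description:
# 6.1 = Windows 7 / Server 2008 R2, 6.2 = Windows 8 / Server 2012,
# 6.3 = Windows 8.1 / Server 2012 R2.
$affected = '6.1', '6.2', '6.3'

$report = foreach ($computer in $ComputerName) {
    $row = [pscustomobject]@{ Computer = $computer; OS = $null; Status = $null }
    try {
        # Doubles as the reachability check; -ErrorAction Stop makes failures catchable.
        $os = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $computer -ErrorAction Stop
    } catch {
        $row.Status = 'Unreachable'
        $row
        continue
    }
    $row.OS = $os.Caption
    $majorMinor = ($os.Version -split '\.')[0..1] -join '.'
    if ($affected -notcontains $majorMinor) {
        $row.Status = 'NotInAffectedList'
    } elseif (Get-HotFix -Id $KbId -ComputerName $computer -ErrorAction SilentlyContinue) {
        $row.Status = 'Patched'
    } else {
        $row.Status = 'MISSING'
    }
    $row
}

# MISSING and Unreachable hosts are the ones to follow up on.
$report | Sort-Object Status, Computer | Format-Table -AutoSize
```

A MISSING result only means that this specific KB is not recorded on the host, so confirm it against your patch-management data before treating the machine as unpatched.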

 
