- Windows 7 for 32-bit systems Service Pack 1
- Windows 7 x 64 Service Pack 1 systems
- Windows Server 2008 R2 for x 64 Service Pack 1
- Windows Server 2008 R2 for Itanium-based Service Pack 1 systems systems
- Windows 8 for 32-bit systems
- Windows 8 for x 64 systems
- Windows 8.1 for
- Windows 8.1 x 64 systems for 32-bit systems
- Windows Server 2012
- Windows Server 2012 R2
- Windows Server 2008 R2 for x 64 Service Pack 1 (Server Core installation) systems
- Windows Server 2012 (Server Core installation)
- Windows Server 2012 R2 (Server Core installation)
April 14, 2015, Microsoft announced a critical vulnerability for IIS in the MS15-034 bulletin. The latter is referenced under code CVE-2015-1635.
That allows?
The flaw would allow an attacker to run arbitrary code in the context of the system account. It would also allow a denial of service attack.
Since when does it exist?
All versions of windows since Windows7 and windows 2008R2 from the time when IIS is installed.
Windows 7
Windows Server 2008 R2
Windows 8 and Windows 8.1
Windows Server 2012 and Windows Server 2012 R2
Server Core installation option
How to fix the?
Update your Windows. The patch was deployed and should be available in the list of updates available via Windows update. More information about the patch here: KB 3042553. A reboot will be required to complete the installation of this update. We recommend that all your backups before starting the operation.A workaround solution exists, but it may result in performance issues. It comes to disable the caching of the kernel. (See enable caching of kernel on IIS 7)
We remind you that it is recommended to regularly update your applications and services, in order to ensure their stability and security.
If you have a managed or shared benefit, be aware that our teams are already necessary to apply the patch to all of our infrastructure.
Add new comment