Microsoft IIS vulnerability (MS15-034)

April 20, 2015 by Team Phaeria

Microsoft disclosed a critical vulnerability (MS15-034) on their WebServer IIS that allows for remote and unauthenticated Denial of Service and Remote Code Execution.

You can read more details about the versions affected Microsoft Security Bulletin. This security update is rated Critical for all supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2.

The exploit is critical as the attacker only needs to send a HTTP request with the right header.