New Urgent Patch for Windows Critical Vulnerability

by

April 15, 2015

Are you keeping up with critical system updates to ensure your business stays protected?

ThinkstockPhotos-184054620

Microsoft has released a patch for a critical vulnerability in the Windows HTTP protocol stack. Known as HTTP.sys, it could have disastrous consequences once it’s publicly exploited.

The latest bulletin features four critical updates issued by Microsoft. They warn that exploiting this vulnerability could lead to remote code execution and privilege escalation on a compromised device. So what’s that mean, exactly?

Hackers Gaining Access to Your Computer

As soon as an attacker knows how to create the specially crafted HTTP request, they can begin targeting every web server that they find until they hit one that’s vulnerable. A major concern is that the work-around provided by Microsoft isn’t very expansive and it fails to provide IT admins with much to protect them while they’re testing the patch.

Secondly, the sheer number of Windows web servers is huge. There are more Linux servers in terms of total numbers, but Windows servers are much more popular in corporate environments. Plus, they store a lot of valuable and sensitive information.

Cybercriminals can use the vulnerability to run code on your webserver under the IIS user account. They would then use an exploit for a second local vulnerability to escalate privilege, become administrator and install permanent exploit code. The attack is simple to execute and needs to be addressed quickly.

Who’s Vulnerable?

Microsoft said the vulnerability has been found in Windows 7, Windows 2008 R2, Windows 8 and 8.1, Windows Server 2012 and 2012 R2 and in Server Core instillation option.

Other important patches released can be seen here and include fixes for vulnerabilities in Internet Explorer and Office.

CLIENTS ON OUR MANAGED SERVICES PROGRAM WILL HAVE THE PROPER PATCHES APPLIED.

To get more breaking IT security news or to talk about how your business in Baltimore, Washington, DC And Across Maryland can be protected against dangerous online threats, contact Integris at [email protected] or by phone at (888) 330-8808.

We're Integris. We're always working to empower people through technology.

Keep reading

Managed IT Services St. Paul: 5 Powerful Advantages for Businesses

Managed IT Services St. Paul: 5 Powerful Advantages for Businesses

As a business owner, it's important to make the most of your resources. This includes finding cost-effective solutions for managing and maintaining your company's technology. Keeping a competitive edge in your industry requires secure, modern tech that allows your...

IT Support Minneapolis: Where to Find Top IT Services in Minneapolis

IT Support Minneapolis: Where to Find Top IT Services in Minneapolis

If you’re wondering where to find top IT services in Minneapolis, it’s important to identify providers that offer a wide range of support, have great service and provide solid tech expertise. Comprehensive technology insight is especially important when it comes to IT...

Webinar: Email Security that Doesn’t Suck…

Webinar: Email Security that Doesn’t Suck…

Trustifi and Security 7 present Email Security That Doesn’t Suck.  In today’s age of over-complicated security tools, it is extremely difficult to manage the fine balance between security and productivity.   {% video_player "embed_player" overrideable=False,...