“As attacks mount, and over 70 million websites remain vulnerable, advice is ‘fix now.’
A critical remote code execution vulnerability affecting the Windows HTTP protocol stack is being actively exploited in the wild, according to the SANS Internet Storm Center. MS15-034 affects Windows 7, 8, and 8.1, Windows Server 2008 R2, 2012, and 2012 R2. It can be exploited by sending a specially crafted HTTP request to a vulnerable server.
‘The problem is that this will easily crash systems,’ says Johannes Ullrich, CTO of the SANS Internet Storm Center. ‘It is not a denial of service, and not easily a data leakage issue like Heartbleed. But even crashing millions of IIS servers could cause significant impact, as many large sites use IIS.'”