Tom Talks Microsoft Teams and Skype for Business thoughts and news

MS15-034 / KB3042553 IIS Vulnerability affects Lync Servers: Get Patching Now

An Internet Information Services (IIS) vulnerability in the HTTP.sys kernel-mode driver can be used to remotely crash Windows Servers. The patch was released on Tuesday (April 14th) as part of Microsoft’s Patch Tuesday.

Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2 are all affected. HTTP.sys is used by any version of IIS running on one of these operating systems. HTTP.sys was introduced with IIS 6.

Patch details: https://support.microsoft.com/en-us/kb/3042553

MSFT Security Bulletin: https://technet.microsoft.com/library/security/MS15-034

Details from SANS: https://isc.sans.edu/forums/diary/MS15034+HTTPsys+IIS+DoS+And+Possible+Remote+Code+Execution+PATCH+NOW/19583/


Patch download:

Download 2012 and R2:

https://www.microsoft.com/en-us/download/details.aspx?id=46500

Download 2008 R2:

https://www.microsoft.com/en-us/download/details.aspx?id=46480


You could look at using Reverse Proxy rules to block the malformed request, but it appears to be pretty complicated. Best to get the patch out as soon as you can. Installing it requires a server restart.

This is not a Lync code issue, but because Lync Server relies on IIS and serves its HTTPS content through it, Lync Servers are affected. It logically should mainly affect Front End/Standard Edition servers and Office Web Apps servers, but it probably makes sense to patch the whole estate.


Proof of Concept

I have replicated the issue in my lab with curl and a specifically crafted URL (which I won’t post, as it took a little more crafting than what is public, but not much).



Running the curl GET against the pool, with no credentials on the server or in Lync:


System then reboots:



Installing the patch requires a reboot.

Verify Install (PowerShell):

Get-HotFix | Where-Object {$_.HotFixID -eq "KB3042553"}
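The one-liner above checks a single box. The script below is an added example (not from the original post) that runs the same check across a list of Lync and Office Web Apps servers and also reports whether the server is still waiting for the reboot the patch needs. The server names are placeholders, and the remote calls assume RPC (for Get-HotFix) and WinRM (for Invoke-Command) are reachable from the admin workstation.

```powershell
# Added example, not from the original post. Checks each server for KB3042553
# and reports whether a reboot is still pending. Server names are placeholders;
# remote checks assume RPC (Get-HotFix) and WinRM (Invoke-Command) are reachable.
$Servers = @('lyncfe01.contoso.local', 'lyncfe02.contoso.local', 'owas01.contoso.local')
$KB      = 'KB3042553'

$report = foreach ($server in $Servers) {
    $status        = 'Unknown'
    $installedOn   = $null
    $rebootPending = $null

    try {
        # Same check as the single-server command, run against each host.
        $fix = Get-HotFix -ComputerName $server -ErrorAction Stop |
               Where-Object { $_.HotFixID -eq $KB }
        if ($fix) {
            $status      = 'Installed'
            $installedOn = $fix.InstalledOn
        }
        else {
            $status = 'MISSING'
        }
    }
    catch {
        $status = "Unreachable: $($_.Exception.Message)"
    }

    if ($status -eq 'Installed') {
        try {
            # Component Based Servicing sets this key when a reboot is outstanding;
            # the fix is not effective until the server has restarted.
            $rebootPending = Invoke-Command -ComputerName $server -ErrorAction Stop -ScriptBlock {
                Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
            }
        }
        catch {
            $rebootPending = 'Unknown (WinRM failed)'
        }
    }

    [PSCustomObject]@{
        Server        = $server
        Hotfix        = $KB
        Status        = $status
        InstalledOn   = $installedOn
        RebootPending = $rebootPending
    }
}

$report | Format-Table -AutoSize

# Exit non-zero if any server still needs attention, so this can run from a
# scheduled task or deployment job and fail loudly.
$needsWork = $report | Where-Object { $_.Status -ne 'Installed' -or $_.RebootPending -ne $false }
if ($needsWork) { exit 1 } else { exit 0 }
```

A server shows as patched only when the hotfix is listed and the reboot-pending key is absent; anything else (missing hotfix, pending reboot, or a host that could not be queried) is reported and makes the script exit non-zero.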



After installing the patch, the crafted URL had no impact:


About the author

Tom Arbuthnot

Tom Arbuthnot is Principal Solutions Architect at Unified Communications specialist Modality Systems. He is a Microsoft Certified Master and MVP, blogger, has a regular podcast with UCToday at tomtalks.show and is a regular speaker at events including Microsoft TechEd and Ignite. He co-runs The Microsoft UC User Group London.
