“one of the fly rods has gone out of skew on the treadle”
People still use IIS to serve sites?
Hey, here’s some data, let’s execute it!
IMPORTANT: This vulnerability is in all Windows 7 and Windows 8 systems, not just IIS servers.
“This security update is rated Critical for all supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2.”
Microsoft Security Bulletin MS15-034 - Critical
https://technet.microsoft.com/library/security/ms15-034
It is for home computers, too. Not just servers.
More information:
Remote Kernel Code Execution Via HTTP Request In IIS On Windows | Hacker News
https://news.ycombinator.com/item?id=9380468
Remote Code Execution Via HTTP Request In IIS On Windows
https://ma.ttias.be/remote-code-execution-via-http-request-in-iis-on-windows
MS15-034 Test
https://lab.xpaw.me/MS15-034/?host=bing.com
Of interest to the System Admins on the ping list, but ALSO to anyone running web services on Win 7 or Win 8...
Oh, well, it’s all part of the monthly patch cycle. Remote code execution with SYSTEM account privileges is not something you’d want to let hang around. Should have about 250 servers patched by Friday night. It’s what I do.
Must be secure, since it's alleged to be under USSS protection! But, really, what difference does it make?
BFL