On Tuesday, April 14, Microsoft released MS15-034 as part of its monthly patch. The bulletin addresses a vulnerability in HTTP.sys, the library processing HTTP requests in Windows. According to Microsoft, the vulnerability could be used to run arbitrary code on a vulnerable host.
Among other programs, IIS uses HTTP.sys and is directly exposed to the exploit. As of yesterday, trivial-to-execute exploits have been made public that will cause an IIS server to crash, and a published analysis of the bug outlined an exploit to leak kernel memory.
We will briefly discuss the exploit, why it happened, how to prevent exploitation and how prevalent its use has already become.
Trigger warning: Do not attend if you don't want to see IIS servers squirm and Windows systems blue screen.