Protection against critical Windows vulnerability (CVE-2015-1635)
On April 15, 2015, new information emerged about the MS15-034 vulnerability affecting Windows web servers. Proof-of-concept (PoC) code has been released that can cause a server to hang when it receives an HTTP Range header containing large byte offsets. To address this, CloudFlare implemented a Web Application Firewall (WAF) rule that blocks such requests. Customers on a paid plan with the WAF enabled are automatically protected. Updating IIS and Windows servers as soon as possible is strongly advised; in the meantime, any attempt to exploit this Denial of Service/Remote Code Execution vulnerability through CloudFlare will be blocked.
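A filter of the kind described above can be sketched as follows. This is an added example, not CloudFlare's actual WAF rule (the post does not show it); the function names, the 1 TiB threshold and the strict handling of malformed ranges are assumptions chosen for illustration.

```python
import re

# Assumed policy threshold (not from the original post): nothing served by
# the protected origin exceeds 1 TiB, so any larger byte offset is bogus.
MAX_OFFSET = 1 << 40

# One byte-range-spec per RFC 7233: "first-last", "first-" or "-suffix".
_SPEC = re.compile(r"^([0-9]*)-([0-9]*)$")


def _too_large(digits, max_offset):
    """True if a decimal digit string exceeds max_offset."""
    digits = digits.lstrip("0")
    # Compare lengths first so an oversized digit string is never converted.
    if len(digits) > len(str(max_offset)):
        return True
    return digits != "" and int(digits) > max_offset


def range_verdict(header_value, max_offset=MAX_OFFSET):
    """Return 'allow' or 'block' for one HTTP Range header value."""
    unit, sep, specs = header_value.strip().partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return "allow"  # non-byte range units are out of scope for this check
    for spec in specs.split(","):
        m = _SPEC.match(spec.strip())
        if not m or m.groups() == ("", ""):
            return "block"  # malformed spec: strict choice made in this sketch
        first, last = m.groups()
        if _too_large(first, max_offset) or _too_large(last, max_offset):
            return "block"  # the large-offset case the WAF rule targets
        if first and last and int(first) > int(last):
            return "block"  # inverted range: also a strict choice here
    return "allow"


# Constructed sample header values, not captured traffic.
SAMPLE_HEADERS = [
    "bytes=0-499",
    "bytes=500-",
    "bytes=-200",
    "bytes=0-99, 200-299",
    "bytes=0-99999999999999999999",
    "bytes=18-" + "9" * 5000,
]

if __name__ == "__main__":
    for value in SAMPLE_HEADERS:
        print(range_verdict(value), value[:40])
```

The offsets are compared as decimal strings and arbitrary-precision integers, so the check does not depend on a fixed-width integer type.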
Company: Cloudflare
Date published: April 15, 2015
Author(s): Ben Cartwright-Cox
Word count: 106
Language: English
Hacker News points: 26