1310 Nowell Road
Raleigh, NC 27607
1310 Nowell Road
Raleigh, NC 27607
Microsoft has released a patch for a critical vulnerability in the Windows HTTP protocol stack. Known as HTTP.sys, it could have disastrous consequences once it’s publicly exploited.
The latest bulletin features four critical updates issued by Microsoft. They warn that exploiting this vulnerability could lead to remote code execution and privilege escalation on a compromised device. So what’s that mean, exactly?
Hackers Gaining Access to Your Computer
As soon as an attacker knows how to create the specially crafted HTTP request, they can begin targeting every web server that they find until they hit one that’s vulnerable. A major concern is that the work-around provided by Microsoft isn’t very expansive and it fails to provide IT admins with much to protect them while they’re testing the patch.
Secondly, the sheer number of Windows web servers is huge. There are more Linux servers in terms of total numbers, but Windows servers are much more popular in corporate environments. Plus, they store a lot of valuable and sensitive information.
Cybercriminals can use the vulnerability to run code on your webserver under the IIS user account. They would then use an exploit for a second local vulnerability to escalate privilege, become administrator and install permanent exploit code. The attack is simple to execute and needs to be addressed quickly.
Who’s Vulnerable?
Microsoft said the vulnerability has been found in Windows 7, Windows 2008 R2, Windows 8 and 8.1, Windows Server 2012 and 2012 R2 and in Server Core instillation option.
Other important patches released can be seen here and include fixes for vulnerabilities in Internet Explorer and Office.
To get more breaking IT security news or to talk about how your business in Raleigh can be protected against dangerous online threats, contact Raleigh IT Support Company and IT Services Provider | CSP Inc. at info@cspinc.com or by phone at (919) 424-2000 .
Always at your service to provide the highest level of quality support to our customers.
Anthony Firth Client Engineer
“I’m passionate about building and fostering relationships, and finding solutions for success.”
Michael Koenig Client Account Manager
“I help clients stabilize and grow their IT infrastructure so they can focus on growing their core business.”
Josh Wilshire Systems Engineer Team Lead
“I strive to provide the highest level of quality service to our customers.”
Tommy Williams Sr. Hardware Engineer
“I’m driven by the steadfast belief that technology must serve as a business enabler. This mantra has driven 21
Years of successful partnerships.”
Stephen Riddick VP Sales & Marketing
“CSP doesn’t succeed unless your company succeeds.”
Stephen Allen Inventory Manager
“Through my intuition and genuine concern to help others I have built long-lasting relationships with our customers, co-workers and business partners.”
Scott Forbes VP Support Services
“Every day, I work with clients to help plan the future of their businesses.”
Michael Bowman vCIO
“Your IT problems become our IT solutions.”
Mark McLemore Project Engineer
“Managing internal and external operations to ensure that CSP provides quality and reliable customer service .”
Margie Figueroa Business Manager
“Providing quality internal and externals financial support to our customers and accounting support to CSP.”
Katie Steiglitz Accounting Administrator
“Some call me the CEO. I call myself the Cheerleader for an awesome team!”
William B. Riddick Founder & CEO
“CSP is here to assist you with your IT needs.”
Beth Wylie Inside Sales Manager
On What Questions You Need To Ask Before Signing Any Agreement.
Raleigh IT Support Company and IT Services Provider | CSP Inc.
1310 Nowell Rd,
Raleigh, NC 27607
Existing CSP Client: (919) 424-2060
SALES: (919) 420-3231