Remote Code Execution Vulnerability Found In Windows HTTP Stack
jones_supa writes: A remote code execution vulnerability exists in the Windows HTTP stack that is caused when HTTP.SYS parses specially-crafted HTTP requests. An attacker who has successfully exploited this vulnerability could execute arbitrary code under the SYSTEM context. Details of the bug are withheld, but exploit code is floating around. Microsoft describes the issue in security bulletin MS15-034. An update (KB3042553) is already available for all supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2. As a workaround, Microsoft offers disabling IIS kernel caching.
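A defender-side audit for the update and the workaround named above, added here as an example; it is not from the post or from Microsoft's bulletin. It assumes the IIS WebAdministration PowerShell module is present wherever IIS is installed, and the function name Test-MS15034Mitigation is my own.

```powershell
# Added example, not from the original post: audit one host for the MS15-034
# update (KB3042553) and, where IIS is installed and the fix is missing, report
# or apply the IIS kernel-caching workaround the bulletin describes.
# Assumption: the WebAdministration module is available when IIS is installed.
function Test-MS15034Mitigation {
    [CmdletBinding()]
    param(
        [switch]$Remediate   # turn off IIS kernel caching if the fix is absent
    )
    $fixId  = 'KB3042553'
    $hotfix = Get-HotFix -Id $fixId -ErrorAction SilentlyContinue
    $iis    = Get-Service -Name W3SVC -ErrorAction SilentlyContinue   # IIS web service
    $kernelCache = $null

    if ($iis) {
        Import-Module WebAdministration -ErrorAction Stop
        $filter = 'system.webServer/caching'
        $path   = 'MACHINE/WEBROOT/APPHOST'   # server-level applicationHost.config
        $kernelCache = (Get-WebConfigurationProperty -PSPath $path -Filter $filter `
                            -Name enableKernelCache).Value
        if ($Remediate -and -not $hotfix -and $kernelCache) {
            # Workaround only: HTTP.sys still parses requests for any other
            # listener on the box, so the update remains the real fix.
            Set-WebConfigurationProperty -PSPath $path -Filter $filter `
                -Name enableKernelCache -Value $false
            $kernelCache = $false
        }
    }

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        FixInstalled     = [bool]$hotfix
        InstalledOn      = if ($hotfix) { $hotfix.InstalledOn } else { $null }
        IisPresent       = [bool]$iis
        IisKernelCache   = $kernelCache
        # Unpatched IIS host with kernel caching on: neither fix nor workaround
        WorkaroundNeeded = (-not $hotfix) -and [bool]$iis -and [bool]$kernelCache
    }
}

# Report only:
Test-MS15034Mitigation
# Apply the workaround where the update is still missing:
# Test-MS15034Mitigation -Remediate
```

The workaround only covers IIS; other services that listen through HTTP.sys on the same host are protected only by the update itself.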
WHY is there a kernel mode driver for HTTP? That's literally begging for security holes.
Why oh why would you put the parsing of HTTP at the kernel level?
They probably saw that FreeBSD has been doing it for 15 years and thought it might be a good idea.
This is the kind of stuff which needs to be in userspace, not the friggin OS.
Apparently not everyone agrees with that.
I'm in no way a Microsoft apologist, but it's not like a senior engineer rolled out of bed one morning, smoked some crack, and yelled "hey, let's break some crap today!" Lots of stuff is done in kernel mode in Linux and the BSDs - like all kinds of graphical mischief - and MS probably does the same things for the same reasons.
Dewey, what part of this looks like authorities should be involved?