In Microsoft 4 on 1 4, patch released the patch, there is one for the IIS server remote code execution vulnerability hazard is very large, please the majority of users attention.
A remote code execution vulnerability exists in the HTTP Protocol stack (HTTP.sys), when the HTTP.sys not correct parsing specially crafted HTTP request to cause this vulnerability. Successful exploitation of this vulnerability an attacker can be in the system account context in the execution of arbitrary code.
To exploit this vulnerability, an attacker must be specially crafted HTTP requests sent to an affected system. By modifying the Windows HTTP stack handles requests to install the update can fix this vulnerability.
The scope of the impact
Affects the following version of theoperating systemof the IIS server
Windows server 2 0 0 8
Windows server 2 0 1 2
Currently Microsoft's official has been given a repair patch for 3 0 4 2 5 5 3, users install the repair patch.
Attached test the POC
Note: This script can be the authentication server whether there is a vulnerability, but has not been fully tested, does not exclude will produce unpredictable consequences, be careful to use!