Despite a patch being released last week, around 70 million websites remain vulnerable to a critical remote code execution vulnerability patched by MS15-034.
Security researchers at SANS Internet Storm Center revealed that the MS15-034 affecting the Windows HTTP protocol stack is being actively exploited in the wild. The MS15-034 flaw affects Windows 7, 8, and 8.1, Windows Server 2008 R2, 2012, and 2012 R2 leaving over 70 million websites vulnerable to cyber attacks.
Exploitation of the flaw is quite easy, attackers just need to send a specially crafted HTTP request to a vulnerable ISS server.
FULL STORY