MS15-034 - Vulnerability in HTTP.sys could allow remote code execution (CVE-2015-1635)
Article Number
000030097
Applies To
All RSA Products
Issue
HTTP.sys Remote Code Execution Vulnerability - CVE-2015-1635
A remote code execution vulnerability exists in the HTTP protocol stack (HTTP.sys) that is caused when HTTP.sys improperly parses specially crafted HTTP requests. An attacker who successfully exploits this vulnerability could execute arbitrary code in the context of the System account.
To exploit this vulnerability, an attacker would have to send a specially crafted HTTP request to the affected system. The update addresses the vulnerability by modifying how the Windows HTTP stack handles requests.
See Microsoft Security Bulletin MS15-034 at: https://technet.microsoft.com/en-us/library/security/ms15-034.aspx
Resolution
RSA is aware of and investigating this issue to identify the product impact. The level of impact may vary depending on the affected product. The following table contains the latest available impact information. This table will be updated as additional information becomes available.
Customers running affected Windows operating systems are encouraged to apply security updates from Microsoft. Please refer to Microsoft Security Bulletin MS15-034 for guidance. For Windows-based appliances provided by RSA, please review the list below for impact status and remediation steps if applicable.
RSA Product Name | Versions | Impacted? | Details | Last Updated |
---|---|---|---|---|
3D Secure / Adaptive Authentication eCommerce | ALL Supported | Not Impacted | | 4/22/2015 |
Access Manager | ALL Supported | Investigating | | 4/20/2015 |
Adaptive Authentication Hosted | ALL Supported | Not Impacted | | 4/22/2015 |
Adaptive Authentication On Prem | ALL Supported | Investigating | | 4/20/2015 |
Archer Hosted | N/A | Impacted - Remediated | External/customer facing environments patched. | 4/22/2015 |
Archer Platform | ALL Supported | Not Impacted | Follow OS vendor guidelines to patch underlying host | 4/24/2015 |
Archer SecOps | ALL Supported | Not Impacted | Follow OS vendor guidelines to patch underlying host | 4/24/2015 |
Archer Vulnerability & Risk Manager (VRM) | ALL Supported | Not Impacted | Follow OS vendor guidelines to patch underlying host | 4/24/2015 |
Authentication Manager Software Platform | 6.1 | Investigating | | 4/20/2015 |
Authentication Manager Software Platform | 7.1 | Investigating | | 4/20/2015 |
Authentication Manager Appliance | 3.0.4 | Investigating | | 4/20/2015 |
Authentication Manager Appliance | 8.1.1 (and earlier) | Investigating | | 4/20/2015 |
Authentication Manager Express | 1.0 | Investigating | | 4/20/2015 |
BSAFE | ALL Supported | Not Impacted | | 4/21/2015 |
Data Loss Protection | 9.5.x & 9.6.x | Not Impacted | DLP does not install or run on Windows platform. | 4/20/2015 |
Data Protection Manager | 3.2.x & 3.5.x | Not Impacted | | 4/21/2015 |
Digital Certificate Solution | ALL Supported | Not Impacted | | 4/21/2015 |
ECAT | ALL Supported | Investigating | | 4/20/2015 |
enVision | ALL Supported | Impacted | enVision 4.x is impacted. MS updates being tested, and an advisory planned for enVision April MS report. | 4/22/2015 |
Federated Identity Manager | ALL Supported | Investigating | | 4/20/2015 |
FraudAction | ALL Supported | Impacted | Remediation plan in progress | 4/22/2015 |
IMG (Aveksa) MyAccess Live | ALL Supported | Not Impacted | | 4/21/2015 |
IMG (Aveksa) On-Prem Platform | ALL Supported | Not Impacted | | 4/21/2015 |
IMG (Aveksa) Appliance | ALL Supported | Not Impacted | | 4/21/2015 |
IMG (Aveksa) StealthAudit | ALL Supported | Not Impacted | | 4/21/2015 |
Netwitness | 9.6.x, 9.7.x, 9.8.x | Not Impacted | | 4/20/2015 |
Netwitness Informer | 1.x | Not Impacted | | 4/20/2015 |
RSA Central | ALL Supported | Not Impacted | | 4/22/2015 |
RSA Live Infrastructure | ALL Supported | Investigating | | 4/20/2015 |
SecurID Agent for PAM | ALL Supported | Not Impacted | | 4/24/2015 |
SecurID Agent for Web | ALL Supported | Not Impacted | Follow OS vendor guidelines to patch underlying host | 4/24/2015 |
SecurID Agent for Windows | ALL Supported | Not Impacted | Follow OS vendor guidelines to patch underlying host | 4/24/2015 |
SecurID Authentication Engine | ALL Supported | Not Impacted | | 4/24/2015 |
SecurID Authentication SDK | ALL Supported | Not Impacted | | 4/24/2015 |
SecurID Software Token Converter | ALL Supported | Not Impacted | | 4/24/2015 |
SecurID Software Token for Android | ALL Supported | Not Impacted | | 4/23/2015 |
SecurID Software Token for Blackberry | ALL Supported | Not Impacted | | 4/23/2015 |
SecurID Software Token for Desktop | ALL Supported | Not Impacted | | 4/24/2015 |
SecurID Software Token for iPhone | ALL Supported | Not Impacted | | 4/23/2015 |
SecurID Software Token for Windows Mobile | ALL Supported | Not Impacted | | 4/23/2015 |
SecurID Software Token Toolbar | ALL Supported | Not Impacted | | 4/24/2015 |
SecurID Software Token Web SDK | ALL Supported | Not Impacted | Follow OS vendor guidelines to patch underlying host | 4/24/2015 |
SecurID Transaction Signing SDK | ALL Supported | Not Impacted | | 4/24/2015 |
Security Analytics Platform Physical and Virtual Appliances | 10.0.x-10.4.x | Not Impacted | SA does not install or run on Windows platform. | 4/20/2015 |
Security Analytics Malware Analytics | 10.0.x-10.4.x | Not Impacted | | 4/20/2015 |
Security Analytics Malware Cloud | N/A | Not Impacted | | 4/20/2015 |
Security Analytics (Windows Legacy Collector) | 10.0.x-10.4.x | Not Impacted | | 4/20/2015 |
Security Analytics Warehouse (DCA Pivotal) | | Not Impacted | | 4/20/2015 |
Security Analytics Warehouse (MapR) | | Not Impacted | | 4/20/2015 |
Spectrum | 1.x | Not Impacted | | 4/20/2015 |
Web Threat Detection (Silvertail) | ALL Supported | Not Impacted | WTD does not install or run on Windows platform. | 4/20/2015 |
Notes
Disclaimer
Read and use the information in this RSA Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact RSA Software Technical Support at 1- 800 995 5095. RSA Security LLC distributes RSA Security Advisories, in order to bring to the attention of users of the affected RSA products, important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided 'as is' without warranty of any kind. RSA disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall RSA or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.