Incapsula clients are protected from MS15-034 and MS15-036 vulnerabilities

Incapsula WAF clients are protected from the latest MS15-034 (CVE-2015-1635) and MS15-036 (CVE-2015-1640) vulnerabilities, made public on April 14th.

The MS15-034 vulnerability affects the HTTP protocol stack (HTTP.sys), causing HTTP.sys to improperly parse specially crafted HTTP requests. In its advisory Microsoft described this as a remote code execution vulnerability. Currently no such exploit has been made public, but we do have evidence of this vulnerability being abused to execute DoS attacks.

The second vulnerability (MS15-036) is a stored XSS vulnerability that affects Microsoft SharePoint and, under specific conditions, can be used to execute arbitrary JS/HTML code in a victim’s browser. This type of exploit could potentially lead to privilege escalation.

Our analysis of both security flaws shows that neither is currently being exploited en masse, unlike many other newly published vulnerabilities.

On the morning of April 15th we deployed a patch to Incapsula’s Web Application Firewall (WAF) with security rules that address both of the aforementioned vulnerabilities. As of today, more than 24 hours later, we still see no evidence of any attack attempts that target websites on our network.

Still, these vulnerabilities should not be taken lightly. Microsoft patches for MS15-034 and MS15-036 are available, and we recommend that all Windows Server 2008/2012 and Windows 7/8 users apply them as soon as possible.