000030097 - MS15-034 - Vulnerability in HTTP.sys could allow remote code execution (CVE-2015-1635)

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Jun 17, 2016.
Version 3

Article Content

Article Number: 000030097
Applies To: All RSA Products
Issue: HTTP.sys Remote Code Execution Vulnerability - CVE-2015-1635
A remote code execution vulnerability exists in the HTTP protocol stack (HTTP.sys) that is caused when HTTP.sys improperly parses specially crafted HTTP requests. An attacker who successfully exploits this vulnerability could execute arbitrary code in the context of the System account.
To exploit this vulnerability, an attacker would have to send a specially crafted HTTP request to the affected system. The update addresses the vulnerability by modifying how the Windows HTTP stack handles requests.
See Microsoft Security Bulletin MS15-034 at: https://technet.microsoft.com/en-us/library/security/ms15-034.aspx
Resolution
RSA is aware of and investigating this issue to identify the product impact. The level of impact may vary depending on the affected product. The following table contains the latest available impact information. This table will be updated as additional information becomes available.
Customers running affected Windows operating systems are encouraged to apply security updates from Microsoft. Please refer to Microsoft Security Bulletin MS15-034 for guidance. For Windows-based appliances provided by RSA, please review the table below for impact status and, where applicable, remediation steps.


RSA Product Name | Versions | Impacted? | Details | Last Updated
---------------- | -------- | --------- | ------- | ------------
3D Secure / Adaptive Authentication eCommerce | ALL Supported | Not Impacted | | 4/22/2015
Access Manager | ALL Supported | Investigating | | 4/20/2015
Adaptive Authentication Hosted | ALL Supported | Not Impacted | | 4/22/2015
Adaptive Authentication On Prem | ALL Supported | Investigating | | 4/20/2015
Archer Hosted | N/A | Impacted - Remediated | External/customer facing environments patched. | 4/22/2015
Archer Platform | ALL Supported | Not Impacted | Follow OS vendor guidelines to patch underlying host | 4/24/2015
Archer SecOps | ALL Supported | Not Impacted | Follow OS vendor guidelines to patch underlying host | 4/24/2015
Archer Vulnerability & Risk Manager (VRM) | ALL Supported | Not Impacted | Follow OS vendor guidelines to patch underlying host | 4/24/2015
Authentication Manager Software Platform | 6.1 | Investigating | | 4/20/2015
Authentication Manager Software Platform | 7.1 | Investigating | | 4/20/2015
Authentication Manager Appliance | 3.0.4 | Investigating | | 4/20/2015
Authentication Manager Appliance | 8.1.1 (and earlier) | Investigating | | 4/20/2015
Authentication Manager Express | 1.0 | Investigating | | 4/20/2015
BSAFE | ALL Supported | Not Impacted | | 4/21/2015
Data Loss Protection | 9.5.x & 9.6.x | Not Impacted | DLP does not install or run on Windows platform. | 4/20/2015
Data Protection Manager | 3.2.x & 3.5.x | Not Impacted | | 4/21/2015
Digital Certificate Solution | ALL Supported | Not Impacted | | 4/21/2015
ECAT | ALL Supported | Investigating | | 4/20/2015
enVision | ALL Supported | Impacted | enVision 4.x is impacted. MS updates being tested, and an advisory planned for enVision April MS report. | 4/22/2015
Federated Identity Manager | ALL Supported | Investigating | | 4/20/2015
FraudAction | ALL Supported | Impacted | Remediation plan in progress | 4/22/2015
IMG (Aveksa) MyAccess Live | ALL Supported | Not Impacted | | 4/21/2015
IMG (Aveksa) On-Prem Platform | ALL Supported | Not Impacted | | 4/21/2015
IMG (Aveksa) Appliance | ALL Supported | Not Impacted | | 4/21/2015
IMG (Aveksa) StealthAudit | ALL Supported | Not Impacted | | 4/21/2015
Netwitness | 9.6.x, 9.7.x, 9.8.x | Not Impacted | | 4/20/2015
Netwitness Informer | 1.x | Not Impacted | | 4/20/2015
RSA Central | ALL Supported | Not Impacted | | 4/22/2015
RSA Live Infrastructure | ALL Supported | Investigating | | 4/20/2015
SecurID Agent for PAM | ALL Supported | Not Impacted | | 4/24/2015
SecurID Agent for Web | ALL Supported | Not Impacted | Follow OS vendor guidelines to patch underlying host | 4/24/2015
SecurID Agent for Windows | ALL Supported | Not Impacted | Follow OS vendor guidelines to patch underlying host | 4/24/2015
SecurID Authentication Engine | ALL Supported | Not Impacted | | 4/24/2015
SecurID Authentication SDK | ALL Supported | Not Impacted | | 4/24/2015
SecurID Software Token Converter | ALL Supported | Not Impacted | | 4/24/2015
SecurID Software Token for Android | ALL Supported | Not Impacted | | 4/23/2015
SecurID Software Token for Blackberry | ALL Supported | Not Impacted | | 4/23/2015
SecurID Software Token for Desktop | ALL Supported | Not Impacted | | 4/24/2015
SecurID Software Token for iPhone | ALL Supported | Not Impacted | | 4/23/2015
SecurID Software Token for Windows Mobile | ALL Supported | Not Impacted | | 4/23/2015
SecurID Software Token Toolbar | ALL Supported | Not Impacted | | 4/24/2015
SecurID Software Token Web SDK | ALL Supported | Not Impacted | Follow OS vendor guidelines to patch underlying host | 4/24/2015
SecurID Transaction Signing SDK | ALL Supported | Not Impacted | | 4/24/2015
Security Analytics Platform (Physical and Virtual Appliances) | 10.0.x-10.4.x | Not Impacted | SA does not install or run on Windows platform. | 4/20/2015
Security Analytics Malware Analytics | 10.0.x-10.4.x | Not Impacted | | 4/20/2015
Security Analytics Malware Cloud | N/A | Not Impacted | | 4/20/2015
Security Analytics (Windows Legacy Collector) | 10.0.x-10.4.x | Not Impacted | | 4/20/2015
Security Analytics Warehouse (DCA Pivotal) | | Not Impacted | | 4/20/2015
Security Analytics Warehouse (MapR) | | Not Impacted | | 4/20/2015
Spectrum | 1.x | Not Impacted | | 4/20/2015
Web Threat Detection (Silvertail) | ALL Supported | Not Impacted | WTD does not install or run on Windows platform. | 4/20/2015

Notes

Disclaimer

Read and use the information in this RSA Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact RSA Software Technical Support at 1-800-995-5095. RSA Security LLC distributes RSA Security Advisories in order to bring important security information to the attention of users of the affected RSA products. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided 'as is' without warranty of any kind. RSA disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall RSA or its suppliers be liable for any damages whatsoever, including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.
