16 April 2015, 20:45

Although there is already a patch available for the HTTP.sys vulnerability, I think it's usefull to know that Hiawatha can block requests that exploit this vulnerability. If you were required to wait for a patch, you could have used Hiawatha as a reverse proxy with the following configuration to block HTTP.sys exploits.

UrlToolkit {
  ToolkitID = block_httpsys
  Header Range [0-9]{6,} Ban 86400

VirtualHost {
  Hostname = www.example.com
  UseToolkit = block_httpsys
  ReverseProxy .* http://<webserver IP address>/
18 April 2015, 11:35
Sorry but who uses M$ as a web server, it's your own fault