
Are you sure that curl is sending the request properly? (Check with tcpdump)


Yep. I tried curl -v to get all the raw headers line by line and the payload is there, and I also tried in telnet, both return a 200 page.

I read the Microsoft security bulletin and it says that your IIS server is protected if Kernel Caching is off, maybe that's why our servers are neither blocking the request nor crashing with the request.


I have tried this with kernel caching enabled. (kernel caching IS enabled by default from what I can see). Still unable to reproduce using curl.


Even if you have Kernel Caching enabled (as it is by default), if you haven't created any rule for it you're safe.

I created a rule to cache all .png files and I changed the curl request to request a .png image on the server. I got a BSOD!


Do you remember what the fault being reported on the BSOD was?

(If you could take a screenshot/snapshot that'd be great.)

I'm really curious to see what bugcheck is being hit.


I just get the standard "Your PC ran into a problem and needs to restart. We're just collecting some error info, and then we'll restart for you."

Edit:

Actually sometimes you get additional info:

http://imgur.com/zRHUV8o


Ah, page fault in non-paged area! Interesting.


I second that. If you could provide a screenshot and curl example it would be great.


Can you please provide an example of the curl syntax you used to produce this?


Thanks, my syntax was slightly off. I'm now able to reproduce.


Specifically, after enabling Output Caching for all .png files I send this:

curl -v http://example.com/image.png -H "Range: bytes=18-18446744073709551615"
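
An added example, not part of any comment in this thread: one way a defender could flag requests like the one above in collected request headers, by checking each byte-range spec for an implausibly large end position. The threshold `SUSPICIOUS_END`, the function names and the sample requests are assumptions constructed for illustration.

```python
import re

# Assumption for this example: no real resource is anywhere near 2**63 bytes,
# so a range end at or above that value is treated as suspicious.
# The value in the request above, 18446744073709551615, is 2**64 - 1.
SUSPICIOUS_END = 2**63
MAX_DIGITS = len(str(SUSPICIOUS_END))  # 19

_SPEC = re.compile(r"^\s*(\d*)\s*-\s*(\d*)\s*$")

def suspicious_ranges(header_value):
    """Return the byte-range specs in a Range header value whose end is implausibly large."""
    unit, sep, specs = header_value.partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return []
    hits = []
    for spec in specs.split(","):
        m = _SPEC.match(spec)
        if not m:
            continue  # malformed spec: not this check's concern
        digits = m.group(2).lstrip("0")
        # Compare by length first so absurdly long digit strings are flagged
        # without ever being converted to an integer.
        if len(digits) > MAX_DIGITS or (digits and int(digits) >= SUSPICIOUS_END):
            hits.append(spec.strip())
    return hits

def scan(requests):
    """requests: iterable of (client, path, range_header). Return the flagged ones."""
    return [(c, p, h) for c, p, r in requests for h in [suspicious_ranges(r)] if h]

# Constructed sample requests: (client, path, Range header value).
SAMPLE = [
    ("198.51.100.7", "/image.png", "bytes=18-18446744073709551615"),
    ("198.51.100.8", "/video.mp4", "bytes=0-1023"),
    ("198.51.100.9", "/video.mp4", "bytes=500-"),
    ("198.51.100.10", "/image.png", "bytes=0-99, 200-18446744073709551615"),
    ("198.51.100.11", "/doc.pdf", "bytes=-500"),
]

if __name__ == "__main__":
    for client, path, hits in scan(SAMPLE):
        print(client, path, hits)
```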


I was able to crash mine (local win8.1 and win2012 server) without any rules specified, only the checkbox enabled for kernel caching... it may vary based on Windows version.


One other possibility is that your systems have already been compromised and are giving you back incorrectly safe-looking output. I'm not saying it's probable, just possible.



