
The reason the kernel is involved with HTTP handling is a feature called "Kernel Caching"[1]:

> Enable kernel caching to effectively scale and improve Web server performance. Cached responses are served from the kernel. This greatly improves response times and increases the number of requests per second that IIS can serve because requests for cached content never enter IIS user mode.

[1] https://technet.microsoft.com/en-us/library/cc731903(v=ws.10...



If you don't have the kernel caching enabled, does this vulnerability still work?


According to Microsoft's bulletin, disabling kernel caching will avoid the vulnerability.

* I should cite this: https://technet.microsoft.com/library/security/ms15-034

See section Vulnerability Information > Workarounds


Microsoft states that this MAY help.

I don't have a MS server with IIS installed, but I would be very interested if the exploit check from the OP would be negative with kernel caching disabled. Anyone care to test this?


I get the HTTP 416 on Windows 8.1 + IIS 8.5 unpatched even after turning kernel caching off and restarting IIS. Even after rebooting.


416 is the correct error code to return in this situation... that's what you want to see.



