Important Note: Critical Vulnerability in Microsoft’s HTTP.sys
On yesterday’s patchday Microsoft released a security update that resolves a vulnerability which could allow remote code execution in the HTTP.sys kernel module. This kernel module is responsible for handling HTTP requests in Microsoft Windows. In addition to Microsoft’s Internet Information Server (IIS), many other programs may use this module indirectly to provide a webserver on Windows platforms. MailStore Server and the MailStore Service Provider Edition (SPE) belong to the group of such programs.
Customers, who use MailStore Web Access or MailStore Outlook Add-in to access their archives, are strongly recommended to apply the appropriate Windows Update on the MailStore Server system as soon as possible – notably in case MailStore is accessible from the Internet. Service Providers using the MailStore SPE should also deploy this update on their servers as soon as possible.
Further information regarding the vulnerability and how to obtain the required update are availbable in Microsoft’s Security Bulletin MS15-034.