So Microsoft has an important web-server bug, so naturally I'd like to scan the Internet for it. I'm running the scan now, but I'm not sure it's going to give any useful results.
The bug is triggered by adding a header like the following to a web request:
Range: bytes=0-18446744073709551615
As you can see, it's just a standard 64-bit integer overflow: 18446744073709551615 is the largest unsigned 64-bit value (2^64 - 1), which reinterpreted as a signed 64-bit integer equals -1.
That specific header is harmless; it appears that other variations are the ones that may cause a problem. However, it serves as a useful check to see whether the server is patched. If the server is unpatched, it'll return the following error:
HTTP/1.1 416 Requested Range Not Satisfiable
From what the PoCs say, a response that looks like the following means that the server is patched:
The request has an invalid header name
However, when I run the scan across the Internet, I'm getting the following sorts of responses from servers claiming to be IIS:
HTTP/1.1 200 OK
HTTP/1.1 206 Partial Content
HTTP/1.1 301 Moved Permanently
HTTP/1.1 302 Object moved
HTTP/1.1 302 Found
HTTP/1.1 302 Redirect
HTTP/1.1 401 Unauthorized
HTTP/1.1 403 Forbidden
HTTP/1.1 404 Object Not Found
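As an added example (not code from the post), here is the patch check described above in Python: it builds the harmless probe request, then classifies the reply using only the two indicators the post gives, treating every other status (the 200/206/301/302/401/403/404 responses listed) as inconclusive rather than as a verdict. The function and variable names are my own, as is the sample host name.

```python
import socket

# The harmless probe header from the post: 2**64 - 1, which a signed
# 64-bit parser reads as -1. Other Range variations are NOT sent here.
PROBE_HEADER = "Range: bytes=0-18446744073709551615"


def build_probe_request(host: str, path: str = "/") -> bytes:
    """Assemble the raw HTTP/1.1 request carrying the probe header."""
    lines = [
        f"GET {path} HTTP/1.1",
        f"Host: {host}",
        PROBE_HEADER,
        "Connection: close",
        "",
        "",
    ]
    return "\r\n".join(lines).encode("ascii")


def classify_response(raw: bytes) -> str:
    """Map a raw response to a verdict using the post's two indicators.

    'unpatched'    - status 416 Requested Range Not Satisfiable on the probe
    'patched'      - reply says the request has an invalid header name
    'inconclusive' - anything else (200, 206, 301, 302, 401, 403, 404, ...)
    """
    text = raw.decode("latin-1", errors="replace")
    status_line = text.split("\r\n", 1)[0]
    parts = status_line.split(" ", 2)
    status_code = parts[1] if len(parts) > 1 else ""
    if status_line.startswith("HTTP/1.") and status_code == "416":
        return "unpatched"
    if "The request has an invalid header name" in text:
        return "patched"
    return "inconclusive"


def check_host(host: str, port: int = 80, timeout: float = 5.0) -> str:
    """Send the probe to one server you administer and classify the reply."""
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_probe_request(host))
        try:
            while (data := sock.recv(4096)) and sum(map(len, chunks)) < 65536:
                chunks.append(data)
        except socket.timeout:
            pass  # partial reply is still enough to inspect the status line
    return classify_response(b"".join(chunks))
```

Run `check_host("webserver.example.internal")` against your own IIS hosts; the constructed host name is a placeholder.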