Detecting CVE-2015-1635 HTTP.sys Remote Code Execution
The HP Security Research Team has released a check via HP WebInspect for detection of the HTTP.sys Remote Code Execution vulnerability. A patch (MS15-034) has been issued by Microsoft to fix this vulnerability. Hence, it is recommended that all vulnerable servers be patched immediately.
To test whether your IIS server is vulnerable, run SmartUpdate in HP WebInspect to receive the latest updates. To perform a targeted quick scan, create a custom policy with Check IDs 11391 and 10028. Using this policy will ensure the fastest scan possible to test your server for the vulnerability. Scans using the Standard or OWASP policies will automatically test the target server for this vulnerability.
Figure 1: View of Policy Manager with the updated check
The technical details of the vulnerability and its fix are explained in the HP Security Research blog.