Didn't find what you're looking for? Contact Support

On April 14th, 2015, Microsoft announced a flaw (CVE-2015-1635) which allows remote code execution on Windows servers running IIS. The vulnerability could allow an attacker to run software on your servers or gain complete control of affected servers.

This affects you!

Any Microsoft Windows server running IIS (Internet Information Services) is vulnerable to this exploit.

What should you do?

Apply the latest Critical Windows Updates to any Microsoft Windows servers (2008, 2008 R2, 2012, 2012 R2) running IIS (e.g. SharePoint, Office Web Apps) at the earliest opportunity.

The Microsoft's April 2015 Patch Tuesday update, released on April 14th, includes a fix for the IIS vulnerability as described in Microsoft Security Bulletin MS15-034.

If you would like help securing your SharePoint environment from this exploit get in touch.

Is this as bad as Heartbleed?

Yes, the IIS vulnerability may become remotely exploitable by anyone, anywhere. While no use of this vulnerability has been reported, security researchers expect it to be exploited in the wild very soon.