Just couple of days after Microsoft released its monthly security patch MS15-033 which also seemed to cause possible problems with third party antivirus engines – please refer to blog post Microsoft Patch Tuesday. Hackers had already reverse-engineered one of the bulletins and have been using it in active application level attacks against Web Servers.
Please refer for the details to Windows Patch Tuesday Hole Being Used in Zero-Day Attacks post by Redmond Magazine.
Such attacks can actually be effectively remedied using 5nine Web Application Firewall powered by Privacyware. Simply add a “signature” rule (called ‘Range’) in Header (Rules, Requests, Header, Add…) and these requests will be blocked. The more sophisticated option that could be added (relatively easily) would allow users to qualify Range blocking based on a limit size threshold for the Range variable.
Below is a screen shot of the rule to add:
Leverage the power of 5nine Cloud Security to protect your business and your data in a most reliable manner!