Microsoft just released a number of security patches as part of their regular “Patch Tuesday” cycle. A critical vulnerability is affecting IIS.
One of the patches that we are taking very seriously at Community IT is MS15-034 https://technet.microsoft.com/library/security/MS15-034.
It is described as a Vulnerability in HTTP.sys that Could Allow Remote Code Execution (3042553). We are immediately deploying this to all managed systems running IIS (Internet Information Server) as it represents a serious security risk. This patch will require a reboot of the system.
A number of security firms are now detecting this attack in the wild, so we are moving to immediately patch and reboot the affected systems.