Microsoft MS15-034 (HTTP.sys DoS, Memory Disclosure and potential Remote Code Execution)

As mentioned in our post for Patch Tuesday April 2015, the MS15-034 has now work a working exploit which causes a DoS for unpatched Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2, if they’re running a service that’s using IIS (or any other service uding HTTP.sys) and have kernel caching turned on (which it is by default).

This DoS is extremely simple to cause (just a simple curl/wget), and will cause your server to have a BSOD.

Update: It seems like this issue also does information disclosure à la heartbleed. With small modifications to yesterdays published exploit one can disclose memory regions from a vulnerable server.
There has also been rumours that Exchange servers with autodiscovery turned on are vulnerable for DNS hijacking/corruption.

There are various ways to see if you are vulnerable, but they are not fool-proof and because of this it is extremely advised to just apply the patch.

It is just a matter of time now before a remote code execution exploit is released, which means someone would gain control of your server, so do not wait to patch your systems.