Who We Are

ADP's Response to Microsoft Remote Code Vulnerability

Most Recently Reported: April 23, 2015
Date Initially Reported: April 23, 2015

We are aware of the security advisory published by Microsoft regarding a vulnerability in Windows that could allow remote code execution if an attacker sends a specially crafted HTTP request to an affected Windows system. This vulnerability could allow an attacker to gain control over exploited systems and expose sensitive data that resides on the server or workstation.

Based on the analysis of our internet-facing infrastructure worldwide, ADP’s Global Security Organization has identified that a very small portion of our servers could potentially be affected. Remediation efforts are well-underway and we are performing specific monitoring until remediation is complete.

It is important to note that the vast majority of ADP’s global applications and services provided to our clients are unaffected by this issue.

We have seen no evidence of attempts to exploit this issue on affected ADP assets. For more information on this issue please visit Microsoft Security Bulletin MS15-034.

Our cyber threat management platforms are continuously updated to detect and respond to malicious activity. Protecting our clients and their data has been, and always will be, a top priority for ADP.

Clients are encouraged to visit ADP’s trust and security center to learn about ways they can learn how to help protect themselves by visiting: www.adp.com/trust.

Protecting ADP clients and their data has been, and always will be, a top priority for ADP.

If you have any further questions/concerns, please contact our Client Security Management Office via email adp.csmo@adp.com or phone at 855-677-7247 (Toll Free).

PDF Download a PDF of this Alert

See All Security Alerts