SANS Internet Storm Center says an attack campaign is compromising Windows servers through a vulnerability tracked as CVE-2017-5638. The flaw is located in the Jakarta Multipart parser in Apache Struts 2 and allows attackers to execute system commands with the privileges of the user running the web server process. Attackers started exploiting the flaw almost immediately, leaving very little time for server administrators to deploy the update. Last year, attackers took advantage of a vulnerability in the JBoss application server in a similar manner.

