Critical Vulnerability in HTTP.sys

Microsoft’s latest security bulletin released April 14, 2015 includes a patch to address a vulnerability found in HTTP protocol stack (MS15-34, CVE-2015-1635), which can allow an attacker to remotely execute code in a target system.

This bug affects MS Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2. Exploiting this flaw involves sending a specially crafted HTTP request, which HTTP.sys will incorrectly parse. Once successful, that attacker can now remotely execute arbitrary code in the context of the System account.

Update your system with the latest batch of patches from Microsoft to mitigate this vulnerability.

See our Knowledgebase for trending How-To articles.

Comments are closed.