Microsoft Windows HTTP.sys Arbitrary Code Execution Vulnerability

ID: IRCAD2015043876
Release Date: 2015-04-14
Criticality level: Highly critical
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2012
A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to an error when parsing HTTP requests and can be exploited to execute arbitrary code via a specially crafted request.
Successful exploitation requires IIS kernel caching to be enabled.
Apply update.
Windows 7
Windows Server 2008 R2
Windows 8 and Windows 8.1
Windows Server 2012 and Windows Server 2012 R2
Server Core installation option
Microsoft (KB3042553):

The Wall

No comments
You need to sign in to comment