en

‫ Microsoft Windows HTTP.sys Arbitrary Code Execution Vulnerability

ID: IRCAD2015043876
Release Date: 2015-04-14
Criticality level: Highly critical
Software:
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2012
Description:
A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to an error when parsing HTTP requests and can be exploited to execute arbitrary code via a specially crafted request.
Successful exploitation requires IIS kernel caching to be enabled.
Solution
Apply update.
Windows 7
Windows Server 2008 R2
Windows 8 and Windows 8.1
Windows Server 2012 and Windows Server 2012 R2
Server Core installation option
References:
Microsoft (KB3042553):
Secunia:
 

The Wall

No comments
You need to sign in to comment