Vulnerability in HTTP.sys Could Allow Remote Code Execution (3042553)

Last week, Microsoft had released an important security update. This security update resolves a vulnerability in Microsoft Windows. HTTP.sys Vulnerability could allow remote code execution if an attacker sends a specially crafted HTTP request to an affected Windows system.

WHMCS Complete Billing and Support

This security update is rated Critical for all supported editions of Windows 7, Windows 8, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 and Windows Server 2012 R2. The security update addresses the vulnerability by modifying how the Windows HTTP stack handles requests.

HTTP.sys Vulnerability

HTTP.sys Vulnerability Information

A remote code execution vulnerability exists in the HTTP protocol stack (HTTP.sys) that is caused when HTTP.sys improperly parses specially crafted HTTP requests. An attacker who successfully exploited this vulnerability could execute arbitrary code in the context of the System account.

To exploit this vulnerability, an attacker would have to send a specially crafted HTTP request to the affected system. The update addresses the vulnerability by modifying how the Windows HTTP stack handles requests.

For more information, kindly refer following Microsoft Security Bulletin

https://technet.microsoft.com/library/security/MS15-034

Please make sure that you have installed Windows update 3042553. If you have still not installed this update, you should install it immediately.

Posted in Security.