Microsoft close critical vulnerability in http.sys




Microsoft has during patch tuesday released patches for Windows 7, 8, 8.1, Server 2008 R2, Server 2012 and Server 2012 R2 is intended to help fill a critical security hole in the http.sys module. The vulnerability could allow remote code execution. Office also contains a critical vulnerability.

In Security Bulletin MS15-034 Microsoft describes the now-sealed vulnerability in http.sys. According to the software giant can carry attackers with a manipulated http request remote code on a vulnerable Windows system. Microsoft calls the security hole “critical”, the highest rating that can get such vulnerabilities. System administrators and users of those versions of Windows is therefore strongly recommended to install the patch.

The patch, which adjusts how http.sys deal with requests, is part of patch tuesday, the monthly release round of bug fixes and patches for various Windows versions. It is unclear why Microsoft patch for http.sys not released earlier, but the software giant does indicate that there is so far no cases are known where the vulnerability is actually exploited by attackers.

A security researcher from the firm Tripwire late TechTarget know that the vulnerability probably part of kernel caching support for IIS, Microsoft’s Web server. He also expresses the fear that the said vulnerability will be exploited in the short term by attackers.

In addition to the security problems in http.sys Microsoft has released patches for several Office versions, including MS15-033 has been stamped “critical”. Also in this case remote code execution is possible if the user opens a specially malformed Office file.


In: A Technology & Gadgets Asked By: [19122 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »