All Products
Document Center

[Vulnerability notice] MS15-034: HTTP.sys remote code execution vulnerability in Windows

Last Updated: May 07, 2018


In the Microsoft security announcement released on April 2015, a serious HTTP.sys remote code execution vulnerability with the serial number MS15-034 was detected.

This vulnerability allows remote code execution if attackers send fabricated HTTP requests to compromised Windows systems.

Affected versions

  • Windows Server 2008 R2 (64-bit)/2012/2012 R2
  • Windows 7/8/8.1
  • Server core installation

See Microsoft announcement for more information.


Install the Microsoft MS15-034 patch. Note that after installing the patch, you must restart the server.

Note: Create a server snapshot before fixing the vulnerability to avoid loss in case the solution fails.