Description
In the Microsoft security announcement released on April 2015, a serious HTTP.sys
remote code execution vulnerability with the serial number MS15-034 was detected.
This vulnerability allows remote code execution if attackers send fabricated HTTP requests to compromised Windows systems.
Affected versions
- Windows Server 2008 R2 (64-bit)/2012/2012 R2
- Windows 7/8/8.1
- Server core installation
See Microsoft announcement for more information.
Fix
Install the Microsoft MS15-034 patch. Note that after installing the patch, you must restart the server.
Note: Create a server snapshot before fixing the vulnerability to avoid loss in case the solution fails.