|
|
|||
| Rule General Information |
|---|
| Release Date: | 2018-05-08 | |
| Rule Name: | Microsoft HTTP.sys Remote Code Execution Vulnerability (CVE-2015-1635) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability." | |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows | |
| Reference: | MicrosoftSecurityBulletin:MS15-034 SecurityFocusBID:74013 SecurityTrackerID:1032109 ExploitDB:36773 ExploitDB:36776 |
|
| Solutions |
|---|
| Microsoft has released a patch MS15-034 to eliminate the vulnerability. The patch can be downloaded at: http://technet.microsoft.com/security/bulletin/MS15-034 |