Slashdot Mirror


Remote Code Execution Vulnerability Found In Windows HTTP Stack

jones_supa writes: A remote code execution vulnerability exists in the Windows HTTP stack that is caused when HTTP.SYS parses specially-crafted HTTP requests. An attacker who has successfully exploited this vulnerability could execute arbitrary code under the SYSTEM context. Details of the bug are withheld, but exploit code is floating around. Microsoft describes the issue in security bulletin MS15-034. An update (KB3042553) is already available for all supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2. As a workaround, Microsoft offers disabling IIS kernel caching.

5 of 119 comments (clear)

  1. I'm running Windows ... by cablepokerface · · Score: 2, Funny

    ... so there is a solid 'no carrier' joke in there, I just can't think of o[NO CARRIER]

  2. Re:HTTP.SYS? by Anonymous Coward · · Score: 5, Funny

    Because that makes it easier to share information across your lan when all the computers have an "http stack" rather than asking sys admins to install apache or some other dirty hippy app. The downside is that it makes it easier to share information across your lan.

  3. Don't see what the big deal is... by alexjplant · · Score: 4, Funny

    Just REM it out of your AUTOEXEC.BAT, flip the power clunker... er, switch, then flip it back on. Problem solved! Nobody will be able to h4x0r your beige box ever again! ...oh, sorry. I saw .SYS and thought we were stuck in 1996 AD.

  4. Re:HTTP.SYS? by BreakBad · · Score: 5, Funny

    Still waiting for my kernel level adware module, oh wait, this new feature can do that too! Yay.

    Today's security patch is brought to you by Nike!!!

  5. Re:Why the hell ... by Zordak · · Score: 3, Funny

    but it's not like a senior engineer rolled out of bed one morning, smoked some crack, and yelled "hey, let's break some crap today!"

    How else do you explain WindowsME and Vista?

    --

    Today's Sesame Street was brought to you by the number e.