Description
HTTP.sys (CVE-2015-1635) in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka “HTTP.sys Remote Code Execution Vulnerability.
Bussines Impact
The vulnerability could allow remote code execution if an attacker sends a specially crafted HTTP request to an affected Windows system. The security update addresses the vulnerability by modifying how the Windows HTTP stack handles requests.
Recommendation
To prevent this vulnerability from occurring in the future, Windows Server must be updated to the latest version. This vulnerability exists in Windows servers and was first detected in 2015. Currently updating your windows system will fix this vulnerability.
Reference
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-034
