PT-2026-57249 · Undefined · Undefined
Publicado
2026-07-10
·
Atualizado
2026-07-10
·
CVE-2026-47791
Nenhuma
Não há classificações de severidade ou métricas disponíveis. Quando houver, atualizaremos as informações correspondentes na página.
CVE-2026-47291: Kernel-Mode RCE in Windows HTTP.sys
A critical Remote Code Execution (RCE) vulnerability, CVE-2026-47291, has been identified and recently patched in the Windows kernel-mode HTTP protocol stack,
HTTP.sys. This flaw allows remote, unauthenticated attackers to achieve denial-of-service or, in the worst case, code execution with kernel privileges.Technical Breakdown:
- Vulnerability: CVE-2026-47791 affects the
HTTP.sysdriver, which provides HTTP request parsing and SSL/TLS termination for IIS and other applications. - Root Cause: The vulnerability stems from invalid validation of incoming HTTP requests.
- Exploitation: A remote, unauthenticated attacker can exploit this by sending specially crafted HTTP packets to the target system.
- Impact: Successful exploitation can result in a denial-of-service condition or kernel-level code execution.
- MITRE ATT&CK Mapping:
- Initial Access: T1190 (Exploit Public-Facing Application)
- Execution: T1059 (Command and Scripting Interpreter) - specifically via RCE with kernel privileges.
- Impact: T1499 (Service Degradation/Denial of Service), T1068 (Exploitation for Privilege Escalation)
Defense:
Given this is a recently patched vulnerability, prioritize ensuring all Windows systems, especially those running IIS or other applications that utilize
HTTP.sys, are fully updated with the latest security patches from Microsoft. Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Undefined