PT-2026-57249 · Undefined · Undefined

Publicado

2026-07-10

·

Atualizado

2026-07-10

·

CVE-2026-47791

Nenhuma

Não há classificações de severidade ou métricas disponíveis. Quando houver, atualizaremos as informações correspondentes na página.
CVE-2026-47291: Kernel-Mode RCE in Windows HTTP.sys
A critical Remote Code Execution (RCE) vulnerability, CVE-2026-47291, has been identified and recently patched in the Windows kernel-mode HTTP protocol stack, HTTP.sys. This flaw allows remote, unauthenticated attackers to achieve denial-of-service or, in the worst case, code execution with kernel privileges.
Technical Breakdown:
  • Vulnerability: CVE-2026-47791 affects the HTTP.sys driver, which provides HTTP request parsing and SSL/TLS termination for IIS and other applications.
  • Root Cause: The vulnerability stems from invalid validation of incoming HTTP requests.
  • Exploitation: A remote, unauthenticated attacker can exploit this by sending specially crafted HTTP packets to the target system.
  • Impact: Successful exploitation can result in a denial-of-service condition or kernel-level code execution.
  • MITRE ATT&CK Mapping:
  • Initial Access: T1190 (Exploit Public-Facing Application)
  • Execution: T1059 (Command and Scripting Interpreter) - specifically via RCE with kernel privileges.
  • Impact: T1499 (Service Degradation/Denial of Service), T1068 (Exploitation for Privilege Escalation)
Defense: Given this is a recently patched vulnerability, prioritize ensuring all Windows systems, especially those running IIS or other applications that utilize HTTP.sys, are fully updated with the latest security patches from Microsoft.
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Identificadores relacionados

CVE-2026-47791

Produtos afetados

Undefined