PT-2015-1051 · Microsoft · Windows Server 2012 +6
Laurent Gaffie · Published 2015-04-14 · Updated 2026-03-10 · CVE-2015-1635
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Microsoft Windows 7 SP1
Microsoft Windows Server 2008 R2 SP1
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012 Gold
Microsoft Windows Server 2012 R2
Description
A remote code execution issue exists in the HTTP protocol stack (HTTP.sys) due to improper parsing of specially crafted HTTP requests. This allows remote attackers to execute arbitrary code in the context of the System account. To exploit this issue, an attacker would have to send a specially crafted HTTP request to the affected system.
Recommendations
For Microsoft Windows 7 SP1, update to a newer version that contains a fix for this issue.
For Microsoft Windows Server 2008 R2 SP1, update to a newer version that contains a fix for this issue.
For Microsoft Windows 8, update to a newer version that contains a fix for this issue.
For Microsoft Windows 8.1, update to a newer version that contains a fix for this issue.
For Microsoft Windows Server 2012 Gold, update to a newer version that contains a fix for this issue.
For Microsoft Windows Server 2012 R2, update to a newer version that contains a fix for this issue.
Exploit
Fix
RCE
Code Injection
Weakness Enumeration
Related Identifiers
Affected Products
Windows
Windows 7
Windows 8
Windows 8.1
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2