HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote malicious users to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft windows 8 - |
||
microsoft windows 8.1 - |
||
microsoft windows server 2008 r2 |
||
microsoft windows server 2012 - |
||
microsoft windows server 2012 r2 |
||
microsoft windows 7 - |
Pastebin is for old hats. Cool black hats use Twitter now
Hackers collectively tripled the production of Proof-of-Concept exploits last year, according to a new study out on Thursday. Researchers and black hats develop proof-of-concept (PoC) exploits for research or demonstration purposes. These PoCs are developed for a various reasons – to demonstrate that software is vulnerable, force a company to develop a critical patch, showcase skills, or, in the most malicious cases, claim ownership of a working exploit that can run on real-world targets. More...
Patch Tuesday bug reverse engineered by Thursday
The SANS Institute has warned Windows IIS web server admins to get patching as miscreants are now exploiting a flaw in the software to crash websites. The security bug (CVE-2015-1635) allows attackers to knock web servers offline by sending a simple HTTP request. Microsoft fixed this denial-of-service vulnerability on Tuesday with a patch numbered MS15-034. However, within hours of the update going live, people reverse engineered the new code to find out where the hole is and how to exploit it, ...