Windows HTTP.sys RCE via malformed Range header — wormable potential. Immediately apply MS15-034 patch. Disable IIS HTTP.sys as compensating control. The vulnerability affects all versions of Windows running IIS 6.0-10.0.
HTTP.sys in Microsoft Windows Vista SP2, Server 2008 SP2/R2 SP1, 7 SP1, 8, 8.1, Server 2012 Gold/R2 allows remote attackers to execute arbitrary code via crafted HTTP requests. MS15-034.
Supernova subscribers receive AI-triaged CVE alerts the moment they're published — before the PoC drops.
Start Supernova — $99/mo →