Microsoft has released a patch for a critical remote code execution vulnerability in the Windows HTTP Stack for all supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2.

The flaw could allow an unauthenticated attacker to take complete control of the affected web server.

Detecting the Vulnerability

Within hours of the disclosure, AppCheck updated its vulnerability database to remotely detect the flaw. To scan your infrastructure for the vulnerability, sign up for a free scan using the “Free trial” link at top of the page.

Technical Details

From https://technet.microsoft.com/en-us/library/security/ms15-034.aspx;

A remote code execution vulnerability exists in the HTTP protocol stack (HTTP.sys) that is caused when HTTP.sys improperly parses specially crafted HTTP requests. An attacker who successfully exploited this vulnerability could execute arbitrary code in the context of the System account.

To exploit this vulnerability, an attacker would have to send a specially crafted HTTP request to the affected system. The update addresses the vulnerability by modifying how the Windows HTTP stack handles requests.