All posts tagged http.sys

Critical Update MS15-034 and DirectAccess

Microsoft Security Bulletin MS15-034 Vulnerability in HTTP.sys affects DirectAccessThe April 2015 monthly security update release from Microsoft includes a fix for a serious vulnerability in HTTP.sys. On an unpatched server, an attacker who sends a specially crafted HTTP request will be able to execute code remotely in the context of the local system account. DirectAccess leverages HTTP.sys for the IP-HTTPS IPv6 transition protocol and is critically exposed. Organizations who have deployed DirectAccess are urged to update their systems immediately.

More information can be found on MS15-034 here.

Leave a comment
by Richard M. Hicks on April 20, 2015  •  Permalink
Posted in DirectAccess, Hotfix, IP-HTTPS, IPv6, IPv6 Transition, Remote Access, Security, SSL and TLS, Update, Windows Server 2012 R2
Tagged , , , , , , , , ,

Posted by Richard M. Hicks on April 20, 2015

https://directaccess.richardhicks.com/2015/04/20/critical-update-ms15-034-and-directaccess/