
DETECTION OVERVIEW

Windows HTTP Stack Exploit Attempt - CVE-2021-31166

Risk Factors

This vulnerability affects Windows devices running any application that serves HTTP through HTTP.sys, such as Internet Information Services (IIS), Windows Remote Management (WinRM, which uses WS-Management over HTTP), or Web Services for Devices (WSD). The vulnerable code is present only in Windows 10 versions 2004 and 20H2 and Windows Server versions 2004 and 20H2 (including Server Core); older builds are not affected. Because the flaw is in the kernel's request parsing, no authentication and no application-level access are required: an unauthenticated attacker on the network can use publicly available exploit code to crash the host (denial of service, DoS). Microsoft rates the vulnerability as wormable, and successful exploitation could give an attacker complete control of the device, although only the DoS outcome has been demonstrated publicly.

Kill Chain

Exploitation

Risk Score

92


Attack Background

The HTTP Protocol Stack (HTTP.sys) is a kernel-mode driver in Windows that receives and parses inbound HTTP requests and builds outbound HTTP responses on behalf of user-mode applications. For example, HTTP.sys provides the web server functionality for internet-facing applications such as Internet Information Services (IIS), Exchange, and SharePoint. The vulnerability lies in how HTTP.sys parses the Accept-Encoding request header. An attacker sends a request whose Accept-Encoding value contains a particular combination of content-coding entries; HTTP.sys mishandles that list (a use-after-free in the header parser) and corrupts a critical kernel data structure. Because the parsing happens in the kernel before any application code sees the request, the corrupted structure can cause remote code execution (RCE) in kernel mode or, more readily, a crash of the whole host (denial of service, DoS).
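The detection idea behind this page is that a malicious request is recognizable by an Accept-Encoding value that no legitimate client would send. The following is an added illustration of that idea, not RevealX's own detection logic or the public exploit: it parses Accept-Encoding values against the RFC 7231 grammar (a comma-separated list of content-coding tokens, each with an optional `q` parameter) and flags empty list elements, non-token characters, unrecognized coding names, malformed `q` values, and unusually long lists. The set of "known" codings, the element limit, the tab-separated log format, and the sample log lines are all assumptions constructed for the example; the malformed header below is a deliberately generic bad value, not a real exploit payload.

```python
# Added example: heuristic screening of Accept-Encoding headers from a
# constructed request log. Not ExtraHop code and not an exploit.
import re

# RFC 7230 "tchar" characters: a content-coding name must be a token.
TOKEN_RE = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
# Valid q-value per RFC 7231: 0 to 1 with at most three decimal places.
QVALUE_RE = re.compile(r"^(0(\.\d{0,3})?|1(\.0{0,3})?)$")
# Codings a benign client is expected to advertise (assumption: tune per site).
KNOWN_CODINGS = {"*", "identity", "gzip", "x-gzip", "deflate", "compress",
                 "x-compress", "br", "zstd"}
MAX_ELEMENTS = 8  # assumption: real browsers send only a handful of entries


def analyze_accept_encoding(value):
    """Return the distinct reasons a header looks suspicious ([] if benign)."""
    reasons = []
    elements = [e.strip() for e in value.split(",")]
    if len(elements) > MAX_ELEMENTS:
        reasons.append(f"{len(elements)} elements (max {MAX_ELEMENTS})")
    for elem in elements:
        if elem == "":
            # "gzip, , br" or a trailing comma: not valid per the grammar.
            reasons.append("empty list element")
            continue
        coding, _, params = elem.partition(";")
        coding = coding.strip().lower()
        if not TOKEN_RE.match(coding):
            reasons.append(f"invalid coding token {coding!r}")
        elif coding not in KNOWN_CODINGS:
            reasons.append(f"unknown coding {coding!r}")
        if params:
            # Only a q parameter is meaningful on Accept-Encoding entries.
            name, _, qval = params.strip().partition("=")
            if name.strip().lower() != "q" or not QVALUE_RE.match(qval.strip()):
                reasons.append(f"malformed parameter {params.strip()!r}")
    return list(dict.fromkeys(reasons))  # dedupe, keep first-seen order


# Constructed log lines (client, method, path, Accept-Encoding or "-").
SAMPLE_LOG = [
    "10.0.0.5\tGET\t/\tgzip, deflate, br",
    "10.0.0.6\tGET\t/index.html\t-",
    "198.51.100.9\tPOST\t/wsman\tidentity;q=1.0, *;q=0",
    "203.0.113.7\tGET\t/\taaaa, bbbb, cccc, ,",
    "203.0.113.8\tGET\t/\tgzip;q=abc, ,",
]


def scan_log(lines):
    """Return one finding per request whose Accept-Encoding is anomalous."""
    hits = []
    for line in lines:
        client, method, path, accept_encoding = line.split("\t", 3)
        if accept_encoding == "-":
            continue  # header absent: nothing for the parser to trip on
        reasons = analyze_accept_encoding(accept_encoding)
        if reasons:
            hits.append({"client": client, "method": method,
                         "path": path, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["client"], hit["method"], hit["path"], "; ".join(hit["reasons"]))
```

A screen like this is intentionally broad: it does not try to reproduce the exact trigger, so it will also surface buggy but harmless clients, and it must run on the request before HTTP.sys sees it (a network sensor or reverse proxy), since a successful trigger crashes the target before it can log anything.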

Mitigation Options

Install the May 2021 Microsoft security updates on all affected versions (Windows 10 and Windows Server versions 2004 and 20H2). Until the update is applied, limit network exposure of hosts that serve HTTP through HTTP.sys, including WinRM and WSD listeners that are easy to overlook because they are not web servers in the usual sense.

MITRE ATT&CK ID
