vulnerability

MS16-049: Security Update for HTTP.sys (3148795)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:N/C:N/I:N/A:C)	Apr 12, 2016	Apr 12, 2016	Nov 18, 2021

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

Apr 12, 2016

Added

Apr 12, 2016

Modified

Nov 18, 2021

Description

A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become unresponsive.

Solutions

WINDOWS-HOTFIX-MS16-037-1f7b2d51-98a1-4240-a636-8096fa0308c3WINDOWS-HOTFIX-MS16-037-34515df7-3d11-4fa9-98ad-77c6f0dafc2aWINDOWS-HOTFIX-MS16-037-45da2895-fcf0-4175-a533-e0fda3dbc081WINDOWS-HOTFIX-MS16-037-4d0814f6-9f22-43aa-b23c-f6243b1e1f4a

References

CVE-2016-0150
https://attackerkb.com/topics/CVE-2016-0150
MS-MS16-049
MSKB-3148795

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today