A remote code execution vulnerability exists in the HTTP protocol stack (HTTP.sys) that is caused when HTTP.sys improperly parses specially crafted HTTP requests. An attacker who successfully exploited this vulnerability could execute arbitrary code in the context of the System account.
This security update is rated Critical for all supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2.
- Microsoft has provided a security update for this issue. It's recommended to apply this update as soon as possible.
- WordPress Plugin Plainview Activity Monitor Remote Command Execution (20161228)
- WordPress Plugin WP-Syntax Remote PHP Code Execution (0.9.9)
- WordPress Plugin Maintenance Mode Under Construction Page Landing Page Possible Remote Code Execution (1.0.9)
- Ruby on Rails XML processor YAML deserialization code execution
- GhostScript RCE (Remote Code Execution)