⚠ Actively exploited

Added to CISA KEV on 2022-02-10. Federal agencies required to patch by 2022-08-10. Required action: Apply updates per vendor instructions..

CVE-2015-1635 — Code Injection in Microsoft Windows Server 2008

CWE-94 — Code Injection22 documents14 sources

Severity

9.8CRITICALNVD

EPSS

94.3%

top 0.05%

CISA KEV

KEV

Added 2022-02-10

Due 2022-08-10

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft Windows Server 2008 Microsoft Windows Server 2012

Timeline

PublishedApr 14

KEV addedFeb 10

KEV dueAug 10

Latest updateJul 17

CISA Required Action: Apply updates per vendor instructions.

Description

HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDmicrosoft/windowsr2

Patches

Patch: docs.microsoft.com ↗Patch: docs.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-p8wc-6g47-vh8j: HTTP↗2022-05-14

▶

VulnCheck

Microsoft HTTP.sys Remote Code Execution Vulnerability↗2015

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows - 'HTTP.sys' HTTP Request Parsing Denial of Service (MS15-034)↗2015-04-16

▶

Exploit-DB

Microsoft Windows - 'HTTP.sys' (PoC) (MS15-034)↗2015-04-15

▶

Metasploit

MS15-034 HTTP Protocol Stack Request Handling Denial-of-Service↗

▶

Metasploit

MS15-034 HTTP Protocol Stack Request Handling HTTP.SYS Memory Information Disclosure↗

▶

Nuclei

Microsoft Windows 'HTTP.sys' - Remote Code Execution

▶

🔍Detection Rules

Suricata

ET WEB_SERVER Possible IIS Integer Overflow DoS (CVE-2015-1635)↗2015-04-15

▶

📋Vendor Advisories

CISA

Microsoft HTTP.sys Remote Code Execution Vulnerability↗2022-02-10

▶

🕵️Threat Intelligence

Qualys

Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys↗2022-02-23

▶

Unit42

Network Attack Trends: Internet of Threats (November 2020-January 2021)↗2021-04-12

▶

Unit42

Network Attack Trends: Internet of Threats (November 2020-January 2021)↗2021-04-12

▶

Qualys

MS15-034 Analysis And Remote Detection | Qualys↗2015-04-20

▶

Qualys

MS15-034 Analysis And Remote Detection | Qualys↗2015-04-20

▶

📄Research Papers

arXiv

Enterprise Security Incident Analysis and Countermeasures Based on the T-Mobile Data Breach↗2025-07-17

▶

CTF

EZ / devel↗

▶

💬Community

HackerOne

[Urgent] Critical Vulnerability [RCE] on ███ vulnerable to Remote Code Execution by exploiting MS15-034, CVE-2015-1635↗2022-05-26

▶