[Plesk] MS15-034 - Remote code execution via HTTP request in IIS on Windows


2016-11-16 13:19:43 UTC


2017-08-16 17:11:16 UTC


Was this article helpful?

Have more questions?

Submit a request

[Plesk] MS15-034 - Remote code execution via HTTP request in IIS on Windows

Applicable to:

  • Plesk for Windows
  • Web Presence Builder for Windows
  • Customer and Business Manager


A remote code execution vulnerability exists in the HTTP protocol stack (HTTP.sys) that is caused when HTTP.sys improperly parses specially crafted HTTP requests. An attacker who successfully exploited this vulnerability could execute arbitrary code in the context of the System account.

To exploit this vulnerability, an attacker would have to send a specially crafted HTTP request to the affected system. The update addresses the vulnerability by modifying how the Windows HTTP stack handles requests.

Request is using the Range -header to trigger a buffer overflow and detect if the system is vulnerable or not. When sending such a request, it can trigger a blue screen on the Windows Server, effectively rendering it offline.


MS15-034 security vulnerability. More details can be found at



Vulnerable Server systems (including Server Core installations):

  • Windows Server 2008 R2 for x64-based Systems Service Pack 1

  • Windows Server 2012

  • Windows Server 2012 R2


Install latest Microsoft updates depending on the used OS version:

Have more questions? Submit a request
Please sign in to leave a comment.