MS16-049: Security Update for HTTP.sys (3148795)
High Nessus Plugin ID 90442
SynopsisThe remote Windows host is affected by a denial of service vulnerability.
DescriptionThe remote Windows host is missing a security update. It is, therefore, affected by a denial of service vulnerability in the HTTP 2.0 protocol stack (HTTP.sys) due to improper parsing of HTTP 2.0 requests. An unauthenticated, remote attacker can exploit this vulnerability, via a specially crafted HTTP packet, to cause the system to become unresponsive, resulting in a denial of service condition.
SolutionMicrosoft has released a set of patches for Windows 10.