MS15-034: Vulnerability in HTTP.sys could allow remote code execution: April 14, 2015

Summary


This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a specially crafted HTTP request to an affected Windows system. The security update addresses the vulnerability by modifying how the Windows HTTP stack handles requests.

Introduction

Microsoft has released security bulletin MS15-034. To learn more about this security bulletin:

How to obtain help and support for this security update

Help installing updates:
Support for Microsoft Update

Security solutions for IT professionals:
TechNet Security Troubleshooting and Support

Help protect your Windows-based computer from viruses and malware:
Virus Solution and Security Center

Local support according to your country:
International Support

More Information

Important All future security and non-security updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 require update 2919355 to be installed. We recommend that you install 2919355 on your Windows RT 8.1-based, Windows 8.1-based, or Windows Server 2012 R2-based computer in order to receive continued future updates.


Windows 7 (all editions)Reference Table

The following table contains the security update information for this software.

Security update file name

For all supported 32-bit editions of Windows 7:
Windows6.1-KB3042553-x86.msu


For all supported x64-based editions of Windows 7:
Windows6.1-KB3042553-x64.msu

Installation switches

See Microsoft Knowledge Base Article 934307

Restart requirement

Yes, you must restart your system after you apply this security update.

Removal information

To uninstall an update that is installed by WUSA, use the /Uninstall setup switch. Or, click Control Panel, click System and Security, and under Windows Update, click View installed updates, and then select from the list of updates.

File information

See the file information section.

Registry key verification

Note A registry key does not exist to validate the presence of this update.

Windows Server 2008 R2 (all editions)Reference Table

The following table contains the security update information for this software.

Security update file name

For all supported x64-based editions of Windows Server 2008 R2:
Windows6.1-KB3042553-x64.msu


For all supported Itanium-based editions of Windows Server 2008 R2:
Windows6.1-KB3042553-ia64.msu

Installation switches

See Microsoft Knowledge Base Article 934307

Restart requirement

Yes, you must restart your system after you apply this security update.

Removal information

To uninstall an update that is installed by WUSA, use the /Uninstall setup switch. Or, click Control Panel, click System and Security, click Windows Update, and under See also, click Installed updates, and then select from the list of updates.

File information

See the file information section.

Registry key verification

Note A registry key does not exist to validate the presence of this update.

Windows 8 and Windows 8.1 (all editions)Reference Table

The following table contains the security update information for this software.

Security update file name

For all supported 32-bit editions of Windows 8:
Windows8-RT-KB3042553-x86.msu


For all supported x64-based editions of Windows 8:
Windows8-RT-KB3042553-x64.msu


For all supported 32-bit editions of Windows 8.1:
Windows8.1-KB3042553-x86.msu


For all supported x64-based editions of Windows 8.1:
Windows8.1-KB3042553-x64.msu

Installation switches

See Microsoft Knowledge Base Article 934307

Restart requirement

Yes, you must restart your system after you apply this security update.

Removal information

To uninstall an update that is installed by WUSA, use the /Uninstall setup switch. Or, click Control Panel, click System and Security, click Windows Update, and under See also, click Installed updates, and then select from the list of updates.

File information

See the file information section.

Registry key verification

Note A registry key does not exist to validate the presence of this update.

Windows Server 2012 and Windows Server 2012 R2 (all editions)Reference Table

The following table contains the security update information for this software.

Security update file name

For all supported editions of Windows Server 2012:
Windows8-RT-KB3042553-x64.msu


For all supported editions of Windows Server 2012 R2:
Windows8.1-KB3042553-x64.msu

Installation switches

See Microsoft Knowledge Base Article 934307

Restart requirement

Yes, you must restart your system after you apply this security update.

Removal information

To uninstall an update that is installed by WUSA, use the /Uninstall setup switch. Or, click Control Panel, click System and Security, click Windows Update, and under See also, click Installed updates, and then select from the list of updates.

File information

See the file information section.

Registry key verification

Note A registry key does not exist to validate the presence of this update.


File information

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.



  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:

    Version

    Product

    Milestone

    Service branch

    6.1.7601.18xxx

    Windows 7 and Windows Server 2008 R2

    SP1

    GDR

    6.1.7601.22xxx

    Windows 7 and Windows Server 2008 R2

    SP1

    LDR

  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.

Note The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported x86-based versions of Windows 7

File name

File version

File size

Date

Time

Platform

Http.sys

6.1.7601.18772

514,560

25-Feb-2015

03:03

x86

Http.sys

6.1.7601.22976

514,560

24-Feb-2015

05:59

x86

For all supported x64-based versions of Windows 7 and Windows Server 2008 R2

File name

File version

File size

Date

Time

Platform

Http.sys

6.1.7601.18772

754,688

25-Feb-2015

03:18

x64

Http.sys

6.1.7601.22976

754,688

24-Feb-2015

06:06

x64

For all supported IA-64-based versions of Windows Server 2008 R2

File name

File version

File size

Date

Time

Platform

Http.sys

6.1.7601.18772

1,442,816

25-Feb-2015

02:38

IA-64

Http.sys

6.1.7601.22976

1,443,840

24-Feb-2015

05:37

IA-64


  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:

    Version

    Product

    Milestone

    Service branch

    6.2.920 0.16 xxx

    Windows 8 and Windows Server 2012

    RTM

    GDR

    6.2.920 0.20 xxx

    Windows 8 and Windows Server 2012

    RTM

    LDR

  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.

Note The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported x86-based versions of Windows 8

File name

File version

File size

Date

Time

Platform

Http.sys

6.2.9200.17285

641,024

24-Feb-2015

07:11

x86

Http.sys

6.2.9200.21401

641,024

24-Feb-2015

06:38

x86

For all supported x64-based versions of Windows 8 and Windows Server 2012

File name

File version

File size

Date

Time

Platform

Http.sys

6.2.9200.17285

861,696

24-Feb-2015

07:58

x64

Http.sys

6.2.9200.21401

859,648

24-Feb-2015

07:51

x64


For all supported x86-based versions of Windows 8.1

File name

File version

File size

Date

Time

Platform

Http.sys

6.3.9600.17712

738,112

24-Feb-2015

08:20

x86

For all supported x64-based versions of Windows 8.1 and Windows Server 2012 R2

File name

File version

File size

Date

Time

Platform

Http.sys

6.3.9600.17712

991,552

24-Feb-2015

08:32

x64


Package Name

Package Hash SHA1

Package Hash SHA2

Windows6.1-KB3042553-ia64.msu

B14B012147CCB57989C644FE76BADDB2AC547E75

B7E6DC02E5B7B02F29410D33576D72D59E7D447B16D1A77AE75CF7967CEFD9AE

Windows6.1-KB3042553-ia64.msu

B14B012147CCB57989C644FE76BADDB2AC547E75

B7E6DC02E5B7B02F29410D33576D72D59E7D447B16D1A77AE75CF7967CEFD9AE

Windows6.1-KB3042553-x64.msu

5692CC4EA7937ECD6053C76D705C1C3D9F58AFDB

F40C605801F06D9EE6AD5E676DDDB95B639DB192C11336477546081D33DCE683

Windows6.1-KB3042553-x64.msu

5692CC4EA7937ECD6053C76D705C1C3D9F58AFDB

F40C605801F06D9EE6AD5E676DDDB95B639DB192C11336477546081D33DCE683

Windows6.1-KB3042553-x86.msu

7B7046B3F0C498579B9C9FC2C6F4F774B052D8F8

9668979847C98069B7BABFDC8CBFC687E144F1C93B5F418455FF490C701F1C1C

Windows6.1-KB3042553-x86.msu

7B7046B3F0C498579B9C9FC2C6F4F774B052D8F8

9668979847C98069B7BABFDC8CBFC687E144F1C93B5F418455FF490C701F1C1C

Windows8.1-KB3042553-x64.msu

58A4C0BBDE72C3EB63DDD76D43F9EF63D70EC168

BCDAA1DC9F5F394E91EE19EC79E974C1CC8DBD9F5BF3CB2A4DD0E6850DF41E1B

Windows8.1-KB3042553-x64.msu

58A4C0BBDE72C3EB63DDD76D43F9EF63D70EC168

BCDAA1DC9F5F394E91EE19EC79E974C1CC8DBD9F5BF3CB2A4DD0E6850DF41E1B

Windows8.1-KB3042553-x86.msu

6370BB756C13DB47BE2BC7333E0A0683BAA0D932

412E7106A0CA4D576B9673008ED5463018A22ACE467D6B984BEF283DF12DA7A2

Windows8.1-KB3042553-x86.msu

6370BB756C13DB47BE2BC7333E0A0683BAA0D932

412E7106A0CA4D576B9673008ED5463018A22ACE467D6B984BEF283DF12DA7A2

Windows8-RT-KB3042553-x64.msu

9D3E6633BAF02066B2FA1511E506DEDDE3823FF1

CCE6C76BEDF650C2AEC474D3C73B3087180B366328D2F3D40C70F518C55E1DC6

Windows8-RT-KB3042553-x64.msu

9D3E6633BAF02066B2FA1511E506DEDDE3823FF1

CCE6C76BEDF650C2AEC474D3C73B3087180B366328D2F3D40C70F518C55E1DC6

Windows8-RT-KB3042553-x86.msu

B525D5E84EF23940531910290EE63D7F0BFB635E

ABDF2D2C5F74518FF160E0596C7DC6BD3CEB4F5D1452ACC510BE426155B4D206

Windows8-RT-KB3042553-x86.msu

B525D5E84EF23940531910290EE63D7F0BFB635E

ABDF2D2C5F74518FF160E0596C7DC6BD3CEB4F5D1452ACC510BE426155B4D206


Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.

×