Article ID: 125233, created on Apr 16, 2015, last review on Apr 17, 2015

  • Applies to:
  • Web Presence Builder
  • Plesk for Windows
  • Plesk Billing


A remote code execution vulnerability exists in the HTTP protocol stack (HTTP.sys) that is caused when HTTP.sys improperly parses specially crafted HTTP requests. An attacker who successfully exploited this vulnerability could execute arbitrary code in the context of the System account.

To exploit this vulnerability, an attacker would have to send a specially crafted HTTP request to the affected system. The update addresses the vulnerability by modifying how the Windows HTTP stack handles requests.

Request is using the Range-header to trigger a buffer overflow and detect if the system is vulnerable or not. When sending such a request, it can trigger a blue screen on the Windows Server, effectively rendering it offline.


MS15-034 security vulnerability. More details can be found at

Vulnerable Server systems (including Server Core installations):

  • Windows Server 2008 R2 for x64-based Systems Service Pack 1

  • Windows Server 2012

  • Windows Server 2012 R2


Install latest Microsoft updates depending on the used OS version:

Search Words



08b3edb77202fffdd656b40acff117c1 56797cefb1efc9130f7c48a7d1db0f0c e0aff7830fa22f92062ee4db78133079 caea8340e2d186a540518d08602aa065 9305481d3bd31663b68451e3bfdec5a5 a914db3fdc7a53ddcfd1b2db8f5a1b9c 85a92ca67f2200d36506862eaa6ed6b8

Email subscription for changes to this article
Save as PDF