CVE-2024-26219

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Apr 9, 2024

Updated: Jan 8, 2025

CWE ID 476

Summary

CVE-2024-26219 is a newly disclosed Denial of Service (DoS) vulnerability affecting HTTP.sys, a component in the Microsoft Windows operating system. An attacker can exploit this weakness by sending maliciously crafted HTTP requests, resulting in a buffer overflow condition. Consequentially, HTTP.sys consumes excessive system resources, leading to a denial of service for affected applications or services. This vulnerability poses a significant threat to organizations and individuals that use Microsoft Windows, especially those with publicly accessible web servers. It is highly recommended that affected systems are promptly patched to mitigate potential attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database