www.thezdi.com 7/10/2026, 3:01:46 PM · external

CVE-2026-47291 Flaw in Windows IIS Allows Kernel Code Execution

CVE-2026-47291 Flaw in Windows IIS Allows Kernel Code Execution
Developing story vulnerability 4 articles tracked
Microsoft June 2026 Patch Tuesday addresses 208 vulnerabilities
CyberSIXT Evidence Panel
Primary Source msrc.microsoft.com
CVE Intel
CISA KEV Not in KEV
Patch Patch Available

THE article discusses CVE-2026-47291, a critical remote code execution vulnerability in the Windows HTTP.sys driver, which affects Microsoft Internet Information Services (IIS). This vulnerability allows an unauthenticated attacker to exploit the system by sending crafted HTTP packets, potentially causing system denial-of-service or executing arbitrary code with kernel privileges. The issue arises from insufficient bounds checking during the buffer allocation process in HTTP/1.x header parsing.

Mitigations include adjusting the registry's MaxRequestBytes setting and applying the patch provided by Microsoft. Detection methods include monitoring HTTP/1.x request header counts and analyzing TLS application data records.

View Primary Source Via www.thezdi.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline