THE article discusses CVE-2026-47291, a critical remote code execution vulnerability in the Windows HTTP.sys driver, which affects Microsoft Internet Information Services (IIS). This vulnerability allows an unauthenticated attacker to exploit the system by sending crafted HTTP packets, potentially causing system denial-of-service or executing arbitrary code with kernel privileges. The issue arises from insufficient bounds checking during the buffer allocation process in HTTP/1.x header parsing.
Mitigations include adjusting the registry's MaxRequestBytes setting and applying the patch provided by Microsoft. Detection methods include monitoring HTTP/1.x request header counts and analyzing TLS application data records.