Critical Vulnerability Affecting IIS Being Actively Exploited

Number: AL15-004
Date: 16 April 2015


The purpose of this alert is to bring attention to a vulnerability in HTTP.SYS that affects IIS and could lead to a Denial of Service condition causing the host operating system (OS) to crash.


A vulnerability exists in the HTTP protocol stack (HTTP.sys) on Windows systems. A remote unauthenticated user could craft a special HTTP request causing the HTTP.sys to improperly parse the request and subsequently cause the host OS to crash. At this time CCIRC is aware of proof of concept exploit code that allows a remote user to crash the host.

Suggested action

CCIRC recommends prioritization of this patch or suggested workarounds due to the exposure of these systems to the internet.


CCIRC Advisory:
Test Scripts available:

Note to Readers

In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.

Please note, CCIRC PGP key has recently been updated.

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589

Date modified: