You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve-2025-27473
About this tag
CVE-2025-27473 is a denial-of-service vulnerability in the Windows HTTP.sys driver, which is a kernel-mode component that handles HTTP requests for Internet Information Services (IIS) and other applications. This flaw allows an unauthenticated attacker to trigger uncontrolled resource consumption remotely, leading to a denial-of-service condition. Discussions on WindowsForum highlight the technical details of the vulnerability, its impact on Windows systems, and the importance of applying security updates from Microsoft. IT professionals and system administrators should prioritize patching to mitigate the risk of network-based attacks exploiting this issue.
Microsoft’s advisory for a newly referenced HTTP.sys vulnerability describes an out‑of‑bounds read in the Windows HTTP protocol stack that can be triggered remotely against Internet Information Services (IIS) and other HTTP.sys consumers, allowing an unauthenticated attacker to cause a...
Windows users and IT professionals—prepare to dive into the intricacies of a fresh challenge in the cybersecurity landscape. CVE-2025-27473, a denial-of-service vulnerability discovered in the Windows HTTP.sys driver, exposes a path for attackers to trigger uncontrolled resource consumption...