Microsoft Windows Server 2012
Moderate fix2 remedies
cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*
Moderate fix2 remedies
Microsoft Windows HTTP.sys Improper Access Control Vulnerability Allowing Privilege Elevation
Vulnerability
A vulnerability in Windows HTTP.sys has been identified, allowing an authorized attacker to elevate privileges over a network. This issue arises from improper access control in the HTTP.sys component.
Impact
Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing an attacker to gain SYSTEM privileges.
Remediation
Users can apply the security update for this vulnerability, which is available as part of the January 2026 Monthly Rollup for various Windows Server and Windows 10 versions. Instructions for downloading this update can be found in the Microsoft Update Catalog.
Added: Jan 13, 2026, 7:23 PM
Updated: Jan 13, 2026, 7:23 PM
Vulnerability Rating
Custom Algorithm
spread
8.4impact
7.5exploitability
3.3remediation
7.7relevance
2.0threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.