Security News > 2021 > May > Exploit released for wormable Windows HTTP vulnerability
Proof-of-concept exploit code has been released over the weekend for a critical wormable vulnerability in the latest Windows 10 and Windows Server versions.
The bug, tracked as CVE-2021-31166, was found in the HTTP Protocol Stack used by the Windows Internet Information Services web server as a protocol listener for processing HTTP requests.
Microsoft has patched the vulnerability during this month's Patch Tuesday, and it impacts ONLY Windows 10 versions 2004/20H2 and Windows Server versions 2004/20H2.
While the PoC's release could allow threat actors to develop their own faster, potentially allowing remote code execution, the patching process should also be fast and the impact limited given that most home users with the latest Windows 10 versions should have already updated earlier this week.
Microsoft has patched other wormable bugs in the last two years, impacting the Remote Desktop Services platform, the Server Message Block v3 protocol, and the Windows DNS Server.
Attackers are yet to abuse them to create wormable malware capable of spreading between computers running these vulnerable Windows components.
News URL
Related news
- Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel (source)
- Patching problems: The “return” of a Windows Themes spoofing vulnerability (source)
- HTTP your way into Citrix's Virtual Apps and Desktops with fresh exploit code (source)
- RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks (source)
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
- New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-11 | CVE-2021-31166 | Use After Free vulnerability in Microsoft products HTTP Protocol Stack Remote Code Execution Vulnerability | 0.0 |