
Exploit released for wormable Windows HTTP vulnerability
2021-05-17 14:46

Proof-of-concept exploit code has been released over the weekend for a critical wormable vulnerability in the latest Windows 10 and Windows Server versions.

The bug, tracked as CVE-2021-31166, was found in the HTTP Protocol Stack used by the Windows Internet Information Services web server as a protocol listener for processing HTTP requests.

Microsoft patched the vulnerability during this month's Patch Tuesday; it affects only Windows 10 versions 2004/20H2 and Windows Server versions 2004/20H2.

While the PoC's release could allow threat actors to develop their own exploits faster, potentially achieving remote code execution, the patching process should also be fast and the impact limited, given that most home users on the latest Windows 10 versions should already have updated earlier this week.

Microsoft has patched other wormable bugs in the last two years, affecting the Remote Desktop Services platform, the Server Message Block v3 protocol, and the Windows DNS Server.

Attackers have yet to abuse them to create wormable malware capable of spreading between computers running these vulnerable Windows components.


News URL

https://www.bleepingcomputer.com/news/security/exploit-released-for-wormable-windows-http-vulnerability/

Related Vulnerability

DATE: 2021-05-11
CVE: CVE-2021-31166
VULNERABILITY TITLE: Use After Free vulnerability in Microsoft Windows 10 and Windows Server 2016 (HTTP Protocol Stack Remote Code Execution Vulnerability)
RISK: network attack vector, low complexity, vendor microsoft, CWE-416, critical, CVSS 9.8