PoC Exploit Released for Wormable Windows Vulnerability (Security News, May 2021)
A researcher has released a proof-of-concept exploit for a recently patched Windows vulnerability that could allow remote code execution and which has been described by Microsoft as wormable.
The vulnerability affects the HTTP Protocol Stack (HTTP.sys), and exploitation requires neither authentication nor user interaction.
The vulnerability only impacts recent versions of Windows 10 and Windows Server, which limits the set of systems it can be used against.
"The issue is due to Windows improperly tracking pointers while processing objects in network packets containing HTTP requests. As HTTP.SYS is implemented as a kernel driver, exploitation of this bug will result in at least a Blue Screen of Death, and in the worst-case scenario, remote code execution, which could be wormable," Povolny said.
"While this vulnerability is exceptional in terms of potential impact and ease of exploitation, it remains to be seen whether effective code execution will be achieved. Furthermore, this vulnerability only affects the latest versions of Windows 10 and Windows Server, meaning that the exposure for internet-facing enterprise servers is fairly limited, as many of these systems run Long Term Servicing Channel versions, such as Windows Server 2016 and 2019, which are not susceptible to this flaw," he added.
His PoC does not achieve remote code execution; it shows how the flaw can be leveraged to cause a denial-of-service (DoS) condition on a targeted system by sending it specially crafted packets.