Security News > 2021 > May > PoC Exploit Released for Wormable Windows Vulnerability

A researcher has released a proof-of-concept exploit for a recently patched Windows vulnerability that could allow remote code execution and which has been described by Microsoft as wormable.

The vulnerability affects the HTTP Protocol Stack and exploitation does not require authentication or user interaction.

The vulnerability only impacts recent versions of Windows 10 and Windows Server, which means it can only be used against certain systems.

"The issue is due to Windows improperly tracking pointers while processing objects in network packets containing HTTP requests. As HTTP.SYS is implemented as a kernel driver, exploitation of this bug will result in at least a Blue Screen of Death, and in the worst-case scenario, remote code execution, which could be wormable," Povolny said.

"While this vulnerability is exceptional in terms of potential impact and ease of exploitation, it remains to be seen whether effective code execution will be achieved. Furthermore, this vulnerability only affects the latest versions of Windows 10 and Windows Server, meaning that the exposure for internet-facing enterprise servers is fairly limited, as many of these systems run Long Term Servicing Channel versions, such as Windows Server 2016 and 2019, which are not susceptible to this flaw," he added.

His PoC does not achieve remote code execution - it shows how an attacker can leverage the flaw to cause a DoS condition on the targeted system by sending it specially crafted packets.

News URL

http://feedproxy.google.com/~r/securityweek/~3/Tpsqf-WyGN8/poc-exploit-released-wormable-windows-vulnerability