A proof of concept has been released for a wormable memory corruption vulnerability in an HTTP protocol stack (http.sys) used by Windows IIS.
No exploits have been observed in the wild yet.
THE VULNERABILITY
- CVE-2021-31166: Unauthenticated threat actors can exploit this CVE to remotely execute arbitrary code and trigger DoS attacks by sending malicious packets through vulnerable HTTP.
- Impacted versions: Windows 10 versions 2004/20H2 and Windows Server versions 2004/20H2.
RECOMMENDED SOLUTION
- Microsoft issued a security advisory and recommends all customers to patch their systems
For more information, refer to Microsoft for solutions to mitigate and defend your systems.
Sources : Cert-fr, Microsoft, Recorded Future, Bleeping Computer, GitHub