A proof of concept (PoC) script has been released that exploits a critical vulnerability in the latest version of Windows 10 and Windows Server editions. The vulnerability, tracked as CVE-2021-31166, was found in the HTTP Protocol Stack (HTTP.sys), which is used by the Internet Information Services (IIS) web server. The Windows HTTP vulnerability is wormable, meaning malware that exploits it can self-propagate: unlike a virus, it can autonomously infect other systems. Microsoft disclosed that the vulnerability impacts the following versions:
- Windows 10 versions 2004/20H2
- Windows Server versions 2004/20H2
Demo exploit code was released by security researcher Axel Souchet. This PoC lacks the wormable properties, but it does abuse the vulnerability to trigger a denial of service, leading to a “Blue Screen of Death” on vulnerable systems.
Link to PoC.
The vulnerability allows an unauthenticated attacker to execute arbitrary commands remotely.
Microsoft has patched the vulnerability and recommends prioritising patching of affected servers. More information on the vulnerability can be found in Microsoft’s advisory.
Source: Bleeping Computer