“Wormhole” Proof of Concept Released for Wormable Windows HTTP Vulnerability

Windows HTTP Vulnerability

A proof of concept (PoC) script was released exploiting a critical vulnerability in the latest version of Windows 10 and Windows Server additions. The vulnerability, tracked as CVE-2021-31166 was found in the HTTP Protocol Stack (HTTP.sys), used by the Windows Information (IIS) webserver. The Windows HTTP vulnerability has wormable properties, meaning it is self-propagating, unlike a virus, it can autonomously infect other systems. Microsoft disclosed that the vulnerability impacts the following versions:

  • Windows 10 versions 2004/20H2
  • Windows Server versions 2004/20H2

The impact:

Demo exploit code released by a security researcher called Axel Souchet. This PoC lacks the wormable properties, but it does abuse the vulnerability to trigger a Denial of Service, leading to a “Blue screen of death” on vulnerable systems.

Link to PoC.

The vulnerability allows an unauthenticated attacker to execute arbitrary commands remotely.

The remediation:

Microsoft has patched the vulnerability and recommends prioritising patching of affected servers. More information on the vulnerability can be found in Microsoft’s advisory.

Source: Bleeping Computer

Risk Crew