Geeks for your information
Windows PoC Exploit Released for Wormable RCE - Printable Version

+- Geeks for your information (https://www.geeks.fyi)
+-- Forum: News (https://www.geeks.fyi/forumdisplay.php?fid=105)
+--- Forum: Privacy & Security News (https://www.geeks.fyi/forumdisplay.php?fid=107)
+--- Thread: Windows PoC Exploit Released for Wormable RCE (/showthread.php?tid=15087)



Windows PoC Exploit Released for Wormable RCE - silversurfer - 20 May 21

Quote:A researcher has released a proof-of-concept (PoC) exploit for CVE-2021-31166, a use-after-free, highly critical vulnerability in the HTTP protocol stack (http.sys) that could lead to wormable remote code execution (RCE).

Microsoft discovered the flaw internally, releasing a patch in its May 11 Patch Tuesday update. This was the most severe bug in that batch: an http.sys issue that requires neither user authentication nor user interaction to exploit. An exploit would allow RCE with kernel privileges or a denial-of-service (DoS) attack.

According to a tweet from Microsoft’s Justin Campbell, the vulnerability was found by @_mxms and @fzzyhd1.
 
http.sys enables Windows and applications to communicate with other devices; it can be run standalone or in conjunction with Internet Information Services (IIS).

“In most situations, an unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets,” Microsoft explained in its advisory. Given that the vulnerability is wormable, Microsoft recommends prioritizing the patching of affected servers.

Read more: Windows PoC Exploit Released for Wormable RCE | Threatpost