Quote:A researcher has released a proof-of-concept (PoC) exploit for CVE-2021-31166, a use-after-free, highly critical vulnerability in the HTTP protocol stack (http.sys) that could lead to wormable remote code execution (RCE).
Microsoft discovered the flaw internally, releasing a patch in its May 11 Patch Tuesday update. This was the most severe bug in that batch: an http.sys issue that requires neither user authentication nor user interaction to exploit. An exploit would allow RCE with kernel privileges or a denial-of-service (DoS) attack.
According to a tweet from Microsoft’s Justin Campbell, the vulnerability was found by @_mxms and @fzzyhd1.
http.sys enables Windows and applications to communicate with other devices; it can be run standalone or in conjunction with Internet Information Services (IIS).
“In most situations, an unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets,” Microsoft explained in its advisory. Given that the vulnerability is wormable, Microsoft recommends prioritizing the patching of affected servers.
Read more: Windows PoC Exploit Released for Wormable RCE | Threatpost
![[-]](https://www.geeks.fyi/images/collapse.png)
