Proof-of-Concept Exploit Code For 'Wormable' Windows Vulnerability


A security researcher has published proof-of-concept exploit code for a 'wormable' vulnerability in Windows 10 and Windows Server. Last Tuesday, Microsoft released security updates to the vulnerability. The vulnerability, designated CVE-2021-31166 , resides in the http protocol stack of Windows 10 and Windows Server.

By sending a specially prepared network packet to a vulnerable server that uses this stack (http.sys) to process packets, an attacker could execute arbitrary code with kernel rights and thus completely take over the system. No user interaction is required.

The vulnerability was rated 9.8 on a severity scale of 1 to 10. According to Microsoft, which discovered the vulnerability itself, exploitation of the vulnerability is easy. The tech company therefore advises organizations to prioritize server patching.

Security researcher and former Microsoft engineer Axel Souchet released proof-of-concept exploit code for the vulnerability yesterday. This makes it possible to crash vulnerable Windows systems running Microsoft Internet Information Services (IIS). The exploit code cannot be used to spread a computer worm.

Previously, Adam Bunn of security firm Rapid7 warned that it is only a matter of time before the vulnerability is used for large-scale attacks against Windows 10 and Windows Server machines. The Zero Day Initiative and antivirus company McAfee advised organizations to place the security update for CVE-2021-31166 at the top of the list of patches to be tested and deployed.

Previous Post Next Post