A security researcher has published proof-of-concept (PoC) exploit code for a Windows HTTP protocol stack remote code execution (RCE) vulnerability CVE-2021-31166.
Axel Souchet who goes by the handle “0vercl0k” posted the new PoC code to GitHub and also referred to a tweet by Microsoft’s Justin Campbell that the vulnerability had been found by @_mxms and @fzzyhd1:
Fortunately this http.sys bug was an internal find by our team. This one thanks to @_mxms, @fzzyhd1 and everyone who contributes to our tooling and automation. https://t.co/0ru9BQMaJ9
— Justin Campbell (@metr0) May 13, 2021
Souchet sent out another tweet confirming the PoC:
I've built a PoC for CVE-2021-31166 the "HTTP Protocol Stack Remote Code Execution Vulnerability": https://t.co/8mqLCByvCp 🔥🔥 pic.twitter.com/yzgUs2CQO5
— Axel Souchet (@0vercl0k) May 16, 2021
Microsoft patch updates
Microsoft patched the Critical vulnerability CVE-2021-31166 (CVSS base score of 9.8) in May 2021 as part of its monthly security updates.
“In most situations, an unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets,” Microsoft stated in the advisory.
Moreover, the tech giant also warned the vulnerability is wormable and the patch should be prioritized on affected servers.
As part of the May security updates, Microsoft patched 55 vulnerabilities, 4 of those rated Critical and 3 zero-day flaws.
Related Articles
- Windows task scheduler 0-day vulnerability exploit code published
- Exploit code available for ‘Zerologon’ vulnerability (CVE-2020-1472) that affects Microsoft Netlogon
- FBI removes malicious web shells from hundreds of compromised Microsoft Exchange servers
- Microsoft April 2021 Security Updates, includes fixes for Critical Exchange Server vulnerabilities
- Microsoft: New analysis of Exchange Server vulnerabilities and cyberattacks