A security researcher has published proof-of-concept (PoC) exploit code for a Windows HTTP protocol stack remote code execution (RCE) vulnerability CVE-2021-31166.
Axel Souchet who goes by the handle “0vercl0k” posted the new PoC code to GitHub and also referred to a tweet by Microsoft’s Justin Campbell that the vulnerability had been found by @_mxms and @fzzyhd1:
Souchet sent out another tweet confirming the PoC:
Microsoft patch updates
Microsoft patched the Critical vulnerability CVE-2021-31166 (CVSS base score of 9.8) in May 2021 as part of its monthly security updates.
“In most situations, an unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets,” Microsoft stated in the advisory.
Moreover, the tech giant also warned the vulnerability is wormable and the patch should be prioritized on affected servers.
As part of the May security updates, Microsoft patched 55 vulnerabilities, 4 of those rated Critical and 3 zero-day flaws.
- Windows task scheduler 0-day vulnerability exploit code published
- Exploit code available for ‘Zerologon’ vulnerability (CVE-2020-1472) that affects Microsoft Netlogon
- FBI removes malicious web shells from hundreds of compromised Microsoft Exchange servers
- Microsoft April 2021 Security Updates, includes fixes for Critical Exchange Server vulnerabilities
- Microsoft: New analysis of Exchange Server vulnerabilities and cyberattacks